Remove last occurence of forcessl
This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
This commit is contained in:
parent
2d0d79296b
commit
3d2ee95f1e
1 changed files with 2 additions and 2 deletions
|
@ -297,8 +297,8 @@ class Session implements IUserSession, Emitter {
|
|||
* Remove cookie for "remember username"
|
||||
*/
|
||||
public function unsetMagicInCookie() {
|
||||
//TODO: DI for cookies and OC_Config
|
||||
$secureCookie = \OC_Config::getValue('forcessl', false);
|
||||
//TODO: DI for cookies and IRequest
|
||||
$secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https';
|
||||
|
||||
unset($_COOKIE["oc_username"]); //TODO: DI
|
||||
unset($_COOKIE["oc_token"]);
|
||||
|
|
Loading…
Reference in a new issue