Remove last occurence of forcessl

This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
This commit is contained in:
Lukas Reschke 2015-08-26 14:29:36 +02:00
parent 2d0d79296b
commit 3d2ee95f1e

View file

@ -297,8 +297,8 @@ class Session implements IUserSession, Emitter {
* Remove cookie for "remember username"
*/
public function unsetMagicInCookie() {
//TODO: DI for cookies and OC_Config
$secureCookie = \OC_Config::getValue('forcessl', false);
//TODO: DI for cookies and IRequest
$secureCookie = \OC::$server->getRequest()->getServerProtocol() === 'https';
unset($_COOKIE["oc_username"]); //TODO: DI
unset($_COOKIE["oc_token"]);