diff options
| author | Lester Caine <lester@lsces.co.uk> | 2026-05-30 16:52:21 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-05-30 16:52:21 +0100 |
| commit | 7b4034e98282614c8e45e9c9d660b02e2cea9281 (patch) | |
| tree | 7bfe5c302cf7b00e6d65c9f63fc54019bb892f96 /includes | |
| parent | f653f5d20add3bf47abda725a6bf741aaf1406fd (diff) | |
| download | users-7b4034e98282614c8e45e9c9d660b02e2cea9281.tar.gz users-7b4034e98282614c8e45e9c9d660b02e2cea9281.tar.bz2 users-7b4034e98282614c8e45e9c9d660b02e2cea9281.zip | |
Fix invalid cookie domain when remember-me is active
parse_url(BIT_ROOT_URL, PHP_URL_HOST) returns null for a path-only URL;
the ?? '/' fallback set domain to '/' which browsers reject as invalid.
Use ?? '' so the domain attribute is omitted and the browser infers the
current host.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'includes')
| -rwxr-xr-x | includes/classes/RoleUser.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/classes/RoleUser.php b/includes/classes/RoleUser.php index e1f2708..8f66210 100755 --- a/includes/classes/RoleUser.php +++ b/includes/classes/RoleUser.php @@ -1209,7 +1209,7 @@ class RoleUser extends \Bitweaver\Liberty\LibertyMime { if( $gBitSystem->isFeatureActive( 'users_remember_me' ) && isset( $_REQUEST['rme'] ) && $_REQUEST['rme'] == 'on' ) { $cookieTime = (int)( time() + (int)$gBitSystem->getConfig( 'users_remember_time', 86400 )); $cookiePath = $gBitSystem->getConfig( 'cookie_path', $cookiePath ); - $cookieDomain = parse_url(BIT_ROOT_URL, PHP_URL_HOST) ?? '/'; + $cookieDomain = parse_url(BIT_ROOT_URL, PHP_URL_HOST) ?? ''; $gBitSystem->getConfig( 'cookie_domain', $cookieDomain); } } |