| author | Lester Caine <lester@lsces.co.uk> | 2026-06-06 22:58:39 +0100 |
|---|---|---|
| committer | Lester Caine <lester@lsces.co.uk> | 2026-06-06 22:58:39 +0100 |
| commit | ce2c807ce05078401b3d105275d396297466e13d (patch) | |
| tree | 13ee03ccd668da1c50ed02997b0e356519ad7c98 /includes | |
| parent | f70cb1f12cca1111866190cf3f25503147888841 (diff) | |
users: fix session name split when site_title not yet in kernel_config

getSiteCookieName() fell back to 'bit-user-bitweaver' whenever kernel_config
hadn't loaded site_title (e.g. during installer/upgrade flow). This created
a second cookie alongside the real 'bit-user-<site>' cookie, causing every
cross-page redirect to land in a different session and lose loginfrom, admin
status, and installer step state.

Fix: if site_title is empty, reuse any existing bit-user-* cookie already
present in the request rather than generating a new 'bitweaver' name.

Also: after successful admin login, redirect to the installer directly when
a version upgrade is pending (bypasses the broken loginfrom-via-session path
for the INSTALLER_FORCE case).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'includes')
| -rwxr-xr-x | includes/classes/RoleUser.php | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/includes/classes/RoleUser.php b/includes/classes/RoleUser.php index 655404e..f6ab42b 100755 --- a/includes/classes/RoleUser.php +++ b/includes/classes/RoleUser.php @@ -1229,7 +1229,18 @@ class RoleUser extends \Bitweaver\Liberty\LibertyMime { public static function getSiteCookieName() { global $gBitSystem; - $cookie_site = strtolower( preg_replace( "/[^a-zA-Z0-9]/", "", $gBitSystem->getConfig( 'site_title', 'bitweaver' ))); + $cookie_site = strtolower( preg_replace( "/[^a-zA-Z0-9]/", "", $gBitSystem->getConfig( 'site_title', '' ))); + if( empty( $cookie_site ) ) { + // site_title not yet in kernel_config (e.g. during installer/upgrade). + // Reuse any existing bit-user-* cookie so the session name stays consistent + // across requests rather than splitting into bit-user-bitweaver vs the real name. + foreach( array_keys( $_COOKIE ) as $name ) { + if( strpos( $name, 'bit-user-' ) === 0 ) { + return $name; + } + } + $cookie_site = 'bitweaver'; + } return 'bit-user-'.$cookie_site; } |
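Review bot: In the new `empty( $cookie_site )` branch of getSiteCookieName(), the loop returns the first `$_COOKIE` key that starts with 'bit-user-' without validating it, so the session cookie name is taken from client-supplied request data during exactly the installer/upgrade window the comment describes. The configured path strips everything outside `[a-zA-Z0-9]` and lowercases the result, but the reused name skips that filter; I would only accept a key that matches the shape the function itself produces, for example `preg_match( '/^bit-user-[a-z0-9]+$/', $name )`, and fall through to the 'bitweaver' default otherwise. The choice is also order-dependent: when both 'bit-user-bitweaver' and the real 'bit-user-<site>' cookie are present, which is the state the commit message says earlier requests created, `array_keys( $_COOKIE )` may yield the stale 'bit-user-bitweaver' first, so the split can persist. Consider skipping 'bit-user-bitweaver' in the loop unless it is the only candidate, and adding a short note in the comment on why trusting a request cookie name is acceptable here.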
