From ce2c807ce05078401b3d105275d396297466e13d Mon Sep 17 00:00:00 2001 From: Lester Caine Date: Sat, 6 Jun 2026 22:58:39 +0100 Subject: users: fix session name split when site_title not yet in kernel_config getSiteCookieName() fell back to 'bit-user-bitweaver' whenever kernel_config hadn't loaded site_title (e.g. during installer/upgrade flow). This created a second cookie alongside the real 'bit-user-' cookie, causing every cross-page redirect to land in a different session and lose loginfrom, admin status, and installer step state. Fix: if site_title is empty, reuse any existing bit-user-* cookie already present in the request rather than generating a new 'bitweaver' name. Also: after successful admin login, redirect to the installer directly when a version upgrade is pending (bypasses the broken loginfrom-via-session path for the INSTALLER_FORCE case). Co-Authored-By: Claude Sonnet 4.6 --- includes/classes/RoleUser.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/includes/classes/RoleUser.php b/includes/classes/RoleUser.php index 655404e..f6ab42b 100755 --- a/includes/classes/RoleUser.php +++ b/includes/classes/RoleUser.php @@ -1229,7 +1229,18 @@ class RoleUser extends \Bitweaver\Liberty\LibertyMime { public static function getSiteCookieName() { global $gBitSystem; - $cookie_site = strtolower( preg_replace( "/[^a-zA-Z0-9]/", "", $gBitSystem->getConfig( 'site_title', 'bitweaver' ))); + $cookie_site = strtolower( preg_replace( "/[^a-zA-Z0-9]/", "", $gBitSystem->getConfig( 'site_title', '' ))); + if( empty( $cookie_site ) ) { + // site_title not yet in kernel_config (e.g. during installer/upgrade). + // Reuse any existing bit-user-* cookie so the session name stays consistent + // across requests rather than splitting into bit-user-bitweaver vs the real name. + foreach( array_keys( $_COOKIE ) as $name ) { + if( strpos( $name, 'bit-user-' ) === 0 ) { + return $name; + } + } + $cookie_site = 'bitweaver'; + } return 'bit-user-'.$cookie_site; } -- cgit v1.3