开发者

Simple code to expire Drupal cookie?

With a singl开发者_高级运维e click this simple script will do a multi-logout of:

Moodle

Elgg

2 MyBB's and

(not) Drupal.

    <?php
setcookie( 'Elgg', '', -3600, '/', '.domain.com', false, false);
setcookie( 'http_auth_ext_complete', '1', -3600, '/d/', '.domain.com', false, false);
// setcookie( 'http_auth_ext_complete', '1', -3600, '/d/', 'domain.com', false, false); 
setcookie( 'mybbuser', '', -3600, '/', '.domain.com', false, false);
setcookie( 'mybbuser', '', -3600, '/bb/', '.domain.com', false, false);

   // unset all 3 Moodle cookies, the lazy way
    if (isset($_SERVER['HTTP_COOKIE'])) {
        $cookies = explode(';', $_SERVER['HTTP_COOKIE']);
        foreach($cookies as $cookie) {
            $parts = explode('=', $cookie);
            $name = trim($parts[0]);
            setcookie($name, '', time()-1000);
            setcookie($name, '', time()-1000, '/');
        }
    }

    ?>

This works on four sites but the Drupal cookie won't quit. How can I do the same with Drupal?

Note: Drupal uses 'host' instead of 'domain', neither with or without the '.' works so far.

Thank you.

EDIT: I'm sure the cookie twice had "Host domain.com" and on another login used the more standard format "Domain .domain.com"

The cookie named "http_auth_ext_complete" is getting expired and I am still logged in. Drupal uses a second cookie with the session ID as the cookie name + there is a matching entry in the session database table, also.


The name of the session cookie used by Drupal is not constant, but constructed based on an MD5 hash of the cookie domain of the specific Drupal installation - see conf_init() in 'bootstrap.inc' for details (hashing occurs on the last line of the function).

This session cookie is the one you'd need to get rid of in order to enforce a log out. If your script is supposed to work for a specific Drupal instance only, you could adjust it to use the specific session cookie name (will break if the cookie domain changes). If it is intended for a more general use, you'd need to come up with a dynamic version that mimics the way Drupal generates the name, i.e. 'SESS' . md5([cookie_domain]), with some complications in case of SSL.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜