• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

How can I achieve this without XF code modification?

W1zzard

Well-known member
#1
I'm trying to turn off the 'secure' flag on cookies, so that users don't get logged out when switching between http and https pages on our site. This is only for a transition phase, ultimately we will switch to https only, so no need to recommend that :)

My current code modification in XenForo_Helper_Cookie, which works fine, is below, any ideas how I could do the same without modifying XF core code? It's a static class so no XFCP_

Code:
  protected static function _setCookieInternal($name, $value, $expiration = 0, $httpOnly = false, $secure = null)
   {
     if ($secure === null)
     {
       $secure = XenForo_Application::$secure;
     }
     
     $secure=false; // ****** Modification: Turn off secure cookie, even when on HTTPS

     $cookieConfig = XenForo_Application::get('config')->cookie;
     $path = $cookieConfig->path;
     $domain = $cookieConfig->domain;

     if ($value === false)
     {
       $expiration = XenForo_Application::$time - 86400 * 365;
     }

     $name = $cookieConfig->prefix . $name;

     try
     {
       return setcookie($name, $value, $expiration, $path, $domain, $secure, $httpOnly);
     }
     catch (Exception $e)
     {
       return false; // possibly an error with the name... silencing may not be ideal, but it shouldn't usually happen
     }
   }
 

Xon

Well-known member
#2
@W1zzard That is about the 'best' way.

One alternative is to copy the entire XenForo_Helper_Cookie class to somewhere, edit it, and then include() the edited copy manually somewhere so the autoloader never fires for that class. I use this trick for replacing some non-modifiable classes in some of my add-ons.