1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How can I achieve this without XF code modification?

Discussion in 'XenForo Development Discussions' started by W1zzard, Dec 19, 2015.

  1. W1zzard

    W1zzard Well-Known Member

    I'm trying to turn off the 'secure' flag on cookies, so that users don't get logged out when switching between http and https pages on our site. This is only for a transition phase, ultimately we will switch to https only, so no need to recommend that :)

    My current code modification in XenForo_Helper_Cookie, which works fine, is below, any ideas how I could do the same without modifying XF core code? It's a static class so no XFCP_

    Code:
      protected static function _setCookieInternal($name, $value, $expiration = 0, $httpOnly = false, $secure = null)
       {
         if ($secure === null)
         {
           $secure = XenForo_Application::$secure;
         }
         
         $secure=false; // ****** Modification: Turn off secure cookie, even when on HTTPS
    
         $cookieConfig = XenForo_Application::get('config')->cookie;
         $path = $cookieConfig->path;
         $domain = $cookieConfig->domain;
    
         if ($value === false)
         {
           $expiration = XenForo_Application::$time - 86400 * 365;
         }
    
         $name = $cookieConfig->prefix . $name;
    
         try
         {
           return setcookie($name, $value, $expiration, $path, $domain, $secure, $httpOnly);
         }
         catch (Exception $e)
         {
           return false; // possibly an error with the name... silencing may not be ideal, but it shouldn't usually happen
         }
       }
    
     
  2. Xon

    Xon Well-Known Member

    @W1zzard That is about the 'best' way.

    One alternative is to copy the entire XenForo_Helper_Cookie class to somewhere, edit it, and then include() the edited copy manually somewhere so the autoloader never fires for that class. I use this trick for replacing some non-modifiable classes in some of my add-ons.
     
    eva2000 likes this.
  3. rellect

    rellect Well-Known Member

    Add to config.php
    PHP:
    $_SERVER['HTTPS'] = 'off';
     

Share This Page