Merge remote-tracking branch 'origin/6.2.0' into 7.0.2
Conflicts: src/Umbraco.Core/Configuration/UmbracoSettings.cs src/Umbraco.Core/Security/AuthenticationExtensions.cs src/umbraco.businesslogic/StateHelper.cs
This commit is contained in:
Shannon
22
src/Umbraco.Core/Constants-Web.cs
Normal file
22
src/Umbraco.Core/Constants-Web.cs
Normal file
@@ -0,0 +1,22 @@
|
||||
namespace Umbraco.Core
|
||||
{
|
||||
public static partial class Constants
|
||||
{
|
||||
/// <summary>
|
||||
/// Defines the identifiers for Umbraco system nodes.
|
||||
/// </summary>
|
||||
public static class Web
|
||||
{
|
||||
/// <summary>
|
||||
/// The preview cookie name
|
||||
/// </summary>
|
||||
public const string PreviewCookieName = "UMB_PREVIEW";
|
||||
|
||||
/// <summary>
|
||||
/// The auth cookie name
|
||||
/// </summary>
|
||||
public const string AuthCookieName = "UMB_UCONTEXT";
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -259,21 +259,27 @@ namespace Umbraco.Core.Security
|
||||
private static void Logout(this HttpContextBase http, string cookieName)
|
||||
{
|
||||
if (http == null) throw new ArgumentNullException("http");
|
||||
//remove from the request
|
||||
http.Request.Cookies.Remove(cookieName);
|
||||
//clear the preview cookie too
|
||||
var cookies = new[] { cookieName, Constants.Web.PreviewCookieName };
|
||||
foreach (var c in cookies)
|
||||
{
|
||||
//remove from the request
|
||||
http.Request.Cookies.Remove(c);
|
||||
|
||||
//expire from the response
|
||||
var formsCookie = http.Response.Cookies[c];
|
||||
if (formsCookie != null)
|
||||
{
|
||||
//this will expire immediately and be removed from the browser
|
||||
formsCookie.Expires = DateTime.Now.AddYears(-1);
|
||||
}
|
||||
else
|
||||
{
|
||||
//ensure there's def an expired cookie
|
||||
http.Response.Cookies.Add(new HttpCookie(c) { Expires = DateTime.Now.AddYears(-1) });
|
||||
}
|
||||
}
|
||||
|
||||
//expire from the response
|
||||
var formsCookie = http.Response.Cookies[cookieName];
|
||||
if (formsCookie != null)
|
||||
{
|
||||
//this will expire immediately and be removed from the browser
|
||||
formsCookie.Expires = DateTime.Now.AddYears(-1);
|
||||
}
|
||||
else
|
||||
{
|
||||
//ensure there's def an expired cookie
|
||||
http.Response.Cookies.Add(new HttpCookie(cookieName) { Expires = DateTime.Now.AddYears(-1) });
|
||||
}
|
||||
}
|
||||
|
||||
private static FormsAuthenticationTicket GetAuthTicket(this HttpContextBase http, string cookieName)
|
||||
|
||||
@@ -1061,6 +1061,9 @@
|
||||
<Compile Include="Constants-System.cs">
|
||||
<DependentUpon>Constants.cs</DependentUpon>
|
||||
</Compile>
|
||||
<Compile Include="Constants-Web.cs">
|
||||
<DependentUpon>Constants.cs</DependentUpon>
|
||||
</Compile>
|
||||
<Compile Include="UpgradeableReadLock.cs" />
|
||||
<Compile Include="DelegateEqualityComparer.cs" />
|
||||
<Compile Include="Media\IEmbedProvider.cs" />
|
||||
|
||||
@@ -349,7 +349,7 @@ namespace umbraco.BusinessLogic
|
||||
* we currently reproduce this by configuring each cookie with a 30d expires, but does
|
||||
* that actually make sense? shouldn't some cookie have _no_ expires?
|
||||
*/
|
||||
static readonly Cookie _preview = new Cookie(Constants.Web.PreviewCookieName, 30d); // was "PreviewSet"
|
||||
static readonly Cookie _preview = new Cookie(Constants.Web.PreviewCookieName, TimeSpan.Zero); // was "PreviewSet"
|
||||
static readonly Cookie _userContext = new Cookie(Constants.Web.AuthCookieName, 30d); // was "UserContext"
|
||||
static readonly Cookie _member = new Cookie("UMB_MEMBER", 30d); // was "umbracoMember"
|
||||
|
||||
@@ -431,7 +431,7 @@ namespace umbraco.BusinessLogic
|
||||
}
|
||||
public void SetValue(string value)
|
||||
{
|
||||
SetValueWithDate(value, DateTime.Now + _expires);
|
||||
SetValueWithDate(value, _expires == TimeSpan.Zero ? DateTime.MinValue : DateTime.Now + _expires);
|
||||
}
|
||||
|
||||
public void SetValue(string value, double days)
|
||||
@@ -441,7 +441,7 @@ namespace umbraco.BusinessLogic
|
||||
|
||||
public void SetValue(string value, TimeSpan expires)
|
||||
{
|
||||
SetValue(value, DateTime.Now + expires);
|
||||
SetValue(value, expires == TimeSpan.Zero ? DateTime.MinValue : DateTime.Now + expires);
|
||||
}
|
||||
|
||||
public void SetValue(string value, DateTime expires)
|
||||
@@ -451,7 +451,7 @@ namespace umbraco.BusinessLogic
|
||||
|
||||
private void SetValueWithDate(string value, DateTime expires)
|
||||
{
|
||||
HttpCookie cookie = new HttpCookie(_key, value);
|
||||
var cookie = new HttpCookie(_key, value);
|
||||
|
||||
if (GlobalSettings.UseSSL)
|
||||
cookie.Secure = true;
|
||||
@@ -459,7 +459,12 @@ namespace umbraco.BusinessLogic
|
||||
//ensure http only, this should only be able to be accessed via the server
|
||||
cookie.HttpOnly = true;
|
||||
|
||||
cookie.Expires = expires;
|
||||
//set an expiry date if not min value, otherwise leave it as a session cookie.
|
||||
if (expires != DateTime.MinValue)
|
||||
{
|
||||
cookie.Expires = expires;
|
||||
}
|
||||
|
||||
ResponseCookie = cookie;
|
||||
|
||||
// original Umbraco code also does this
|
||||
@@ -473,7 +478,7 @@ namespace umbraco.BusinessLogic
|
||||
{
|
||||
if (RequestCookie != null || ResponseCookie != null)
|
||||
{
|
||||
HttpCookie cookie = new HttpCookie(_key);
|
||||
var cookie = new HttpCookie(_key);
|
||||
cookie.Expires = DateTime.Now.AddDays(-1);
|
||||
ResponseCookie = cookie;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user