Serendipity Forums

I had a problem with the logout action deleting cookies on a local domain like localhost. (One without a dot)
I found that the serendipity_deleteCookie function was missing the same condition for local domains that the serendipity_setCookie has. (In functions_config.inc.php)

The cookies have to be deleted with sam host value as they were set, so for lacal domains, they cannot be deleted.

Adding the following lines after line 649 in the serendipity_deleteCookie function fixes the problem:

// If HTTP-Hosts like "localhost" are used, current browsers reject cookies.
// In this case, we disregard the HTTP host to be able to delete that cookie.
if (substr_count($host, '.') < 2) {
$host = '';

Hi!

Thanks for the headsup. Wouldn't it be better to check, if the host has less than 1 dot instead of 2 dots? "garv.in" would be a valid domainname, and it only has one dot, so the host should not be removed from the cookie host in that case?!

Regards,
Garvin

Yes, I guess so, I just copied the condition used to set the cookie, so that it is the same to set it and remove it, but you are right.
Apparently, at the moment, s9y is not using the domain to set the cookie for single dot domains in that case.
So both the setCookie and deleteCookie method could be corrected.

Hi!

Thanks a lot for the input. I just committed it like you suggested.

Regards,
Garvin