set_login_cookies()

Coding standards

Security in ResourceSpace

Developer reference

Database

Action functions

Admin functions

Ajax functions

Annotation functions

API functions

Collections functions

Comment functions

Config functions

CSV export functions

Dash functions

Debug functions

Encryption functions

Facial recognition functions

File functions

General functions

Language functions

Log functions

Message functions

Migration functions

Node functions

PDF functions

Plugin functions

Render functions

Reporting functions

Request functions

Research functions

Slideshow functions

Theme permission functions

getThemePathPerms()

User functions

Video functions

Database functions

Metadata functions

Resource functions

Search functions

Map functions

Job functions

get_job_type_priority()

Tab functions

Test functions

Description

Set login cookies

Parameters

Column	Type	Default	Description
$user	integer		User ref
$session_hash	string		User session hash
$language	string	""	Language code (e.g en)
$user_preferences	boolean	true	Set colour theme from user preferences

Return

void

Location

include/login_functions.php lines 271 to 301

Definition


 
function set_login_cookies($user, $session_hash, $language = "", $user_preferences = true)
    {
    global $baseurl, $baseurl_short, $allow_keep_logged_in, $default_res_types, $language;
    $expires=0;
    if((string)(int)$user!=(string)$user || $user < 1)
        {
        debug("set_login_cookies() - invalid paramters passed : " . func_get_args());
        return false;
        }
    if ($allow_keep_logged_in && getval("remember","")!="") {$expires = 100;} # remember login for 100 days
            
    if($language != "")
        {
        # Store language cookie
        rs_setcookie("language", $language, 1000); # Only used if not global cookies
        rs_setcookie("language", $language, 1000, $baseurl_short . "pages/");
        }
        
    # Set the session cookie. Do this for all paths that nay set the cookie as otherwise we can end up with a valid cookie at e.g. pages/team or pages/ajax
    rs_setcookie("user", "", 0, $baseurl_short);
    rs_setcookie("user", "", 0, $baseurl_short . "pages");
    rs_setcookie("user", "", 0, $baseurl_short . "pages/team");
    rs_setcookie("user", "", 0, $baseurl_short . "pages/admin");
    rs_setcookie("user", "", 0, $baseurl_short . "pages/ajax");

    # Set user cookie, setting secure only flag if a HTTPS site, and also setting the HTTPOnly flag so this cookie cannot be probed by scripts (mitigating potential XSS vuln.) 
    rs_setcookie("user", $session_hash, $expires, $baseurl_short, "", substr($baseurl,0,5)=="https", true);

    # Set default resource types
    rs_setcookie('restypes', $default_res_types);
    }

This article was last updated 17th November 2024 15:35 Europe/London time based on the source file dated 7th November 2024 17:40 Europe/London time.

Knowledge Base