Ref T4339. We have more magical cookie names than we should, move them all to a central location.
Details
Details
- Reviewers
btrahan - Maniphest Tasks
- T4339: Support CSRF for logged-out users
- Commits
- Restricted Diffusion Commit
rP072741802350: Consolidate use of magical cookie name strings
Registered, logged in, linked account, logged out. See inlines.
Diff Detail
Diff Detail
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
| src/aphront/console/DarkConsoleDataController.php | ||
|---|---|---|
| 61โ72 | This fixes a small theoretical issue caused by the recent cookie prefix patch, where this filter could fail to strip session keys if you prefixed cookies. | |
| src/applications/auth/controller/PhabricatorAuthController.php | ||
| 116 | This is a GET parameter to the login validation controller, which makes sure you logged in as the user we expect and that your cookies got set correctly. I changed the name to 'expect' to make it more clear that it is not directly handling the 'phcid' cookie. | |
| src/applications/auth/controller/PhabricatorAuthStartController.php | ||
| 27 | This fixes two small user experience issues:
| |
| src/applications/auth/controller/PhabricatorLogoutController.php | ||
| 36 | For consistency, treat the session "0" as a real session, although it is vanishingly unlikely to be valid. | |
| 55 | (Unrelated cleanup, these two versions display identically.) | |
| src/applications/settings/panel/PhabricatorSettingsPanelSessions.php | ||
| 43โ45 | Fixes TODO, this table now has a real ID column. | |