Fix reauth with legacy cookie (#8778)

Fix https://github.com/FreshRSS/FreshRSS/issues/8486 Fix https://github.com/FreshRSS/FreshRSS/issues/8532 Restore some legacy code from https://github.com/FreshRSS/FreshRSS/pull/8447 How to test: * Start with FreshRSS 1.28.1 * Update to edge * Access user management Co-authored-by: Copilot <copilot@github.com>
2026-05-14 02:03:55 -04:00 · 2026-05-08 09:05:32 +02:00
parent a1c637e7ac
commit bbb28b5eda
1 changed files with 25 additions and 0 deletions
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -54,6 +54,15 @@ class Minz_Session {
 		session_set_cookie_params($params);

 		session_name($name);
+
+		// Delete legacy cookie (before 1.29.0) if it exists
+		if (isset($_COOKIE[$name])) {
+			$legacyDir = self::getLegacyCookieDir();
+			if ($legacyDir !== '' && $legacyDir !== '/') {
+				setcookie($name, '', ['expires' => 1, 'path' => $legacyDir]);
+			}
+		}
+
 		// When using cookies (default value), session_start() sends HTTP headers
 		session_start();
 		session_write_close();
@@ -180,6 +189,22 @@ class Minz_Session {
 		}
 	}

+	/**
+	 * Kept only to delete legacy cookies from before 1.29.0
+	 */
+	protected static function getLegacyCookieDir(): string {
+		// Get the script_name (e.g. /p/i/index.php) and keep only the path.
+		$cookie_dir = '';
+		if (!empty($_SERVER['HTTP_X_FORWARDED_PREFIX']) && is_string($_SERVER['HTTP_X_FORWARDED_PREFIX'])) {
+			$cookie_dir .= rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ ');
+		}
+		$cookie_dir .= empty($_SERVER['REQUEST_URI']) || !is_string($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI'];
+		if (substr($cookie_dir, -1) !== '/') {
+			$cookie_dir = dirname($cookie_dir) . '/';
+		}
+		return $cookie_dir;
+	}
+
 	/**
 	 * Regenerate a session id.
 	 */