Refactored double Set-Cookie prevention code, and session reopening code

airtime_mvc/application/Bootstrap.php

@@ -25,6 +25,7 @@ require_once "OsPath.php";
 require_once "Database.php";
 require_once "ProvisioningHelper.php";
 require_once "SecurityHelper.php";
+require_once "SessionHelper.php";
 require_once "GoogleAnalytics.php";
 require_once "Timezone.php";
 require_once "Auth.php";

airtime_mvc/application/common/SessionHelper.php

@@ -0,0 +1,13 @@
+<?php
+
+class SessionHelper
+{
+    public static function reopenSessionForWriting() {
+        //PHP will send double Set-Cookie headers if we reopen the
+        //session for writing, and this breaks IE8 and some other browsers.
+        //This hacky workaround prevents double headers. Background here:
+        // https://bugs.php.net/bug.php?id=38104
+        ini_set('session.cache_limiter', null);
+        session_start(); // Reopen the session for writing (without resending the Set-Cookie header)
+    }
+}

airtime_mvc/application/controllers/BillingController.php

@@ -27,7 +27,7 @@ class BillingController extends Zend_Controller_Action {
         Billing::ensureClientIdIsValid();
 
         //Zend's CSRF token element requires the session to be open for writing
-        session_start();
+        SessionHelper::reopenSessionForWriting();
 
         $request = $this->getRequest();
         $form = new Application_Form_BillingUpgradeDowngrade();
@@ -224,7 +224,7 @@ class BillingController extends Zend_Controller_Action {
         $this->view->headLink()->appendStylesheet($baseUrl.'css/billing.css?'.$CC_CONFIG['airtime_version']);
 
         //Zend's CSRF token element requires the session to be open for writing
-        session_start();
+        SessionHelper::reopenSessionForWriting();
 
         $request = $this->getRequest();
         $form = new Application_Form_BillingClient();

airtime_mvc/application/controllers/LoginController.php

@@ -34,14 +34,8 @@ class LoginController extends Zend_Controller_Action
 
         if (Zend_Session::isStarted()) {
 
-            ini_set('session.use_only_cookies', false);
-            ini_set('session.use_cookies', false);
-            ini_set('session.use_trans_sid', false);
-            ini_set('session.cache_limiter', null);
-            session_start(); // second session_start
-
             //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
-            //session_start();
+            SessionHelper::reopenSessionForWriting();
 
             $auth = Zend_Auth::getInstance();
             $auth->getStorage();
@@ -142,7 +136,7 @@ class LoginController extends Zend_Controller_Action
     public function logoutAction()
     {
         //Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
-        session_start();
+        SessionHelper::reopenSessionForWriting();
 
         $auth = Zend_Auth::getInstance();
         $auth->clearIdentity();

airtime_mvc/application/controllers/PlaylistController.php

@@ -32,7 +32,7 @@ class PlaylistController extends Zend_Controller_Action
                     ->initContext();
 
         //This controller writes to the session all over the place, so we're going to reopen it for writing here.
-        session_start(); //Reopen the session for writing
+        SessionHelper::reopenSessionForWriting();
     }
 
     private function getPlaylist($p_type)

airtime_mvc/application/controllers/PreferenceController.php

@@ -32,7 +32,7 @@ class PreferenceController extends Zend_Controller_Action
         $form = new Application_Form_Preferences();
         $values = array();
 
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
 
         if ($request->isPost()) {
             $values = $request->getPost();
@@ -92,7 +92,7 @@ class PreferenceController extends Zend_Controller_Action
         $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/support-setting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
         $this->view->statusMsg = "";
 
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
 
         $form = new Application_Form_SupportSettings();
         if ($request->isPost()) {
@@ -128,7 +128,7 @@ class PreferenceController extends Zend_Controller_Action
 
     public function removeLogoAction()
     {
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
 
         $this->view->layout()->disableLayout();
         // Remove reliance on .phtml files to render requests
@@ -153,7 +153,7 @@ class PreferenceController extends Zend_Controller_Action
 
         $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/streamsetting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
 
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
 
         $name_map = array(
 				'ogg' => 'Ogg Vorbis',
@@ -447,7 +447,7 @@ class PreferenceController extends Zend_Controller_Action
 
     public function setSourceConnectionUrlAction()
     {
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
 
         $request = $this->getRequest();
         $type = $request->getParam("type", null);
@@ -467,7 +467,7 @@ class PreferenceController extends Zend_Controller_Action
 
     public function getAdminPasswordStatusAction()
     {
-        session_start(); //Open session for writing.
+        SessionHelper::reopenSessionForWriting();
 
         $out = array();
         $num_of_stream = intval(Application_Model_Preference::GetNumOfStreams());

airtime_mvc/application/controllers/UserController.php

@@ -18,7 +18,7 @@ class UserController extends Zend_Controller_Action
     {
         // Start the session to re-open write permission to the session so we can
         // create the namespace for our csrf token verification
-        session_start();
+        SessionHelper::reopenSessionForWriting();
         $CC_CONFIG = Config::getConfig();
 
         $request = $this->getRequest();
@@ -121,7 +121,7 @@ class UserController extends Zend_Controller_Action
     
     public function editUserAction()
     {
-        session_start(); //Reopen session for writing.
+        SessionHelper::reopenSessionForWriting();
         $request = $this->getRequest();
         $form = new Application_Form_EditUser();
         if ($request->isPost()) {

airtime_mvc/application/controllers/UsersettingsController.php

@@ -70,14 +70,14 @@ class UsersettingsController extends Zend_Controller_Action
     public function remindmeAction()
     {
         // unset session
-        session_start();  //open session for writing again
+        SessionHelper::reopenSessionForWriting();
         Zend_Session::namespaceUnset('referrer');
         Application_Model_Preference::SetRemindMeDate();
     }
     
     public function remindmeNeverAction()
     {
-        session_start();  //open session for writing again
+        SessionHelper::reopenSessionForWriting();
         Zend_Session::namespaceUnset('referrer');
         //pass in true to indicate 'Remind me never' was clicked
         Application_Model_Preference::SetRemindMeDate(true);
@@ -86,7 +86,7 @@ class UsersettingsController extends Zend_Controller_Action
     public function donotshowregistrationpopupAction()
     {
         // unset session
-        session_start();  //open session for writing again
+        SessionHelper::reopenSessionForWriting();
         Zend_Session::namespaceUnset('referrer');
     }