From b84d26447f8932e7d81965b9b128b2ae63ca735c Mon Sep 17 00:00:00 2001
From: billz <billzimmerman@gmail.com>
Date: Wed, 22 Oct 2025 02:25:34 -0700
Subject: [PATCH] Add cookie-based locale persistence

---
 includes/locale.php          | 12 ++++++++++--
 src/RaspAP/Auth/HTTPAuth.php |  4 ++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/includes/locale.php b/includes/locale.php
index 1b9d97bd..db2fd3f1 100755
--- a/includes/locale.php
+++ b/includes/locale.php
@@ -16,16 +16,24 @@
 $validLocales = array_keys(getLocales());
 if (!empty($_POST['locale']) && in_array($_POST['locale'], $validLocales, true)) {
     $_SESSION['locale'] = $_POST['locale'];
+    setcookie('locale', $_POST['locale'], time() + (86400 * 30), '/', '', false, true);
 }
 
-// Set locale from browser detection, if not already set
+// Set locale from cookie or browser detection, if not already set in session
 if (empty($_SESSION['locale'])) {
-    $_SESSION['locale'] = detectBrowserLocale();
+    if (isset($_COOKIE['locale']) && in_array($_COOKIE['locale'], $validLocales, true)) {
+        $_SESSION['locale'] = $_COOKIE['locale'];
+    } else {
+        $_SESSION['locale'] = detectBrowserLocale();
+        setcookie('locale', $_SESSION['locale'], time() + (86400 * 30), '/', '', false, true);
+    }
 }
 
 // Enforce only valid locale values in session
 if (!in_array($_SESSION['locale'], $validLocales, true)) {
     $_SESSION['locale'] = 'en_GB.UTF-8';
+    // Update cookie with default locale
+    setcookie('locale', $_SESSION['locale'], time() + (86400 * 30), '/', '', false, true);
 }
 
 // Apply locale settings
diff --git a/src/RaspAP/Auth/HTTPAuth.php b/src/RaspAP/Auth/HTTPAuth.php
index fe141ae0..45a268d4 100755
--- a/src/RaspAP/Auth/HTTPAuth.php
+++ b/src/RaspAP/Auth/HTTPAuth.php
@@ -79,9 +79,13 @@ class HTTPAuth
      */
     public function logout(): void
     {
+        $locale = $_SESSION['locale'] ?? 'en_GB.UTF-8'; // save locale
         session_regenerate_id(true); // generate a new session id
         session_unset(); // unset all session variables
         session_destroy(); // destroy the session
+        session_start();
+        $_SESSION['locale'] = $locale;
+        setcookie('locale', $locale, time() + (86400 * 30), '/', '', false, true);
         $basePath = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/');
         $redirectUrl = $_SERVER['REQUEST_URI'];
         if (strpos($redirectUrl, '/login') === false) {