Set PHP session security-related settings (correctly in every case)
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
parent
ec1c37aa06
commit
4b22470872
@ -28,6 +28,12 @@ if ($action == '') {
|
||||
}
|
||||
|
||||
if (session_status() == PHP_SESSION_NONE) {
|
||||
ini_set("session.name", "s");
|
||||
ini_set("url_rewriter.tags", "");
|
||||
ini_set("session.use_cookies", false);
|
||||
ini_set("session.cookie_httponly", true);
|
||||
ini_set("session.cookie_secure", $is_ssl);
|
||||
session_id($s);
|
||||
session_start();
|
||||
}
|
||||
|
||||
|
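Review bot: `ini_set("session.cookie_secure", $is_ssl);` in the new block around file line 33 reads `$is_ssl` before it is assigned — the second hunk introduces `$is_ssl = false;` at line 161, so unless an earlier assignment exists outside this view, the early session start always runs with the Secure flag off (an undefined variable is null, which ini_set coerces to an empty, i.e. off, value). Compute the flag before this block, e.g. `$is_ssl = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';`, or move the HTTPS-detection block above line 28 so both call sites see the same value. Note also that with `session.use_cookies` off the cookie flags do not protect what actually carries the id here — `session_id($s)` installs it from the request — so the hardening only matters if cookies are later enabled. The `}` on the first hunk line closes a block that starts outside the hunk.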
@ -161,7 +161,9 @@ $idna_convert = new \Froxlor\Idna\IdnaWrapper();
|
||||
/**
|
||||
* If Froxlor was called via HTTPS -> enforce it for the next time by settings HSTS header according to settings
|
||||
*/
|
||||
$is_ssl = false;
|
||||
if (isset($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) {
|
||||
$is_ssl = true;
|
||||
$maxage = Settings::Get('system.hsts_maxage');
|
||||
if (empty($maxage)) {
|
||||
$maxage = 0;
|
||||
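Review bot: The docblock above the new `$is_ssl = false;` still describes the block only as HSTS enforcement, but the variable it now introduces is consumed by the session setup (`session.cookie_secure`) elsewhere in the file, so a reader editing the HSTS logic would not know that removing or renaming `$is_ssl` silently weakens session hardening. Suggest extending the comment to `* Detect whether Froxlor was called via HTTPS ($is_ssl, also used for session.cookie_secure) and, if so, enforce it for the next time by setting the HSTS header according to settings`. Separately, `$_SERVER['HTTPS']` is only what the SAPI reports; behind a TLS-terminating proxy it may be absent, which now also drops the Secure cookie flag — worth a note if that deployment is supported, though nothing here shows whether it is.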
@ -217,6 +219,8 @@ if (isset($s) && $s != "" && $nosession != 1) {
|
||||
ini_set("session.name", "s");
|
||||
ini_set("url_rewriter.tags", "");
|
||||
ini_set("session.use_cookies", false);
|
||||
ini_set("session.cookie_httponly", true);
|
||||
ini_set("session.cookie_secure", $is_ssl);
|
||||
session_id($s);
|
||||
session_start();
|
||||
$query = "SELECT `s`.*, `u`.* FROM `" . TABLE_PANEL_SESSIONS . "` `s` LEFT JOIN `";
|
||||
|
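Review bot: The two added `ini_set` calls for `session.cookie_httponly` and `session.cookie_secure` sit directly under `ini_set("session.use_cookies", false);`, so PHP emits no session cookie at all and the new flags have no effect in this configuration; the id is instead taken from the request via `session_id($s);`. If the intent is defence in depth for a future cookie-based mode, say so, e.g. `// cookie flags are inert while session.use_cookies is off; the session id is carried in $s`; if the intent was to protect the current transport, these lines do not achieve that. `$is_ssl` is assigned at line 161, before this block, so this use is ordered correctly, unlike the earlier one at line 28. The enclosing `if (isset($s) && $s != "" && $nosession != 1)` opens in the hunk header and continues past the hunk.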