authorFrédéric Guillot <fred@kanboard.net>2017-12-06 16:19:11 -0800
committerFrédéric Guillot <fguillot@apple.com>2017-12-12 15:04:28 -0800
commitccd177ada6823c27a6408427f19c238fd701c39e (patch)
tree9846c792bd4c4f9318768f00db0e8f00cc25954b /app/Core/Security/Token.php
parent421531bd4f0af6a26e0b7971e23d5af1d5cf7d05 (diff)
Store PHP sessions in the database
Diffstat (limited to 'app/Core/Security/Token.php')
-rw-r--r--app/Core/Security/Token.php12
1 files changed, 7 insertions, 5 deletions
diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index cbd784a8..9b0c5769 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -32,12 +32,12 @@ class Token extends Base
*/
public function getCSRFToken()
{
- if (! isset($this->sessionStorage->csrf)) {
- $this->sessionStorage->csrf = array();
+ if (! session_exists('csrf')) {
+ session_set('csrf', []);
}
$nonce = self::getToken();
- $this->sessionStorage->csrf[$nonce] = true;
+ session_merge('csrf', [$nonce => true]);
return $nonce;
}
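Review bot: The `csrf` map in `getCSRFToken()` has no upper bound: every call adds a nonce through `session_merge('csrf', [$nonce => true])`, and the only removal visible in this diff happens on a successful `validateCSRFToken()`. With sessions now stored in the database (per the commit title), nonces for forms that are rendered but never submitted accumulate in the serialized session payload for the life of the session. Consider trimming after the merge, e.g. `session_set('csrf', array_slice(session_get('csrf'), -MAX_CSRF_TOKENS, null, true));`, where `MAX_CSRF_TOKENS` is a placeholder for a project-chosen constant. How `session_merge` combines arrays is not shown here, so this assumes it preserves string keys.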
@@ -51,8 +51,10 @@ class Token extends Base
*/
public function validateCSRFToken($token)
{
- if (isset($this->sessionStorage->csrf[$token])) {
- unset($this->sessionStorage->csrf[$token]);
+ $tokens = session_get('csrf');
+ if (isset($tokens[$token])) {
+ unset($tokens[$token]);
+ session_set('csrf', $tokens);
return true;
}
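Review bot: The single-use guarantee in `validateCSRFToken()` now rests on a read-modify-write across three calls (`session_get`, `unset`, `session_set`), so it holds only if the session handler serializes concurrent requests for the same session. If the database-backed handler introduced by this commit does not lock the session row (it is not visible in this file), two parallel requests carrying the same token could both pass, and a nonce added by a concurrent `getCSRFToken()` could be overwritten by the `session_set('csrf', $tokens)` write-back. I would document that dependency above the lookup, e.g. `// Single-use relies on the session handler locking the session for the whole request`. Separately, `$token` is used as an array key without a type check; `if (is_string($token) && isset($tokens[$token])) {` rejects array-valued input cleanly instead of hitting an illegal-offset warning or TypeError, depending on the PHP version. The function body continues past the end of this hunk.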