authorFrederic Guillot <fred@kanboard.net>2015-11-15 12:50:33 -0500
committerFrederic Guillot <fred@kanboard.net>2015-11-15 12:50:33 -0500
commita675271ad71b7713d1b33bdba3c51b2b04813229 (patch)
treee54d8a95e16ca521193b9fd5a5eb071aa2910823 /app/Core/Security
parent2fc402f6733573627ad25394d109b9f848ef04f6 (diff)
Rewrite of session management
Diffstat (limited to 'app/Core/Security')
-rw-r--r--app/Core/Security/Token.php10
1 files changed, 5 insertions, 5 deletions
diff --git a/app/Core/Security/Token.php b/app/Core/Security/Token.php
index 7aca08af..2bb66ef2 100644
--- a/app/Core/Security/Token.php
+++ b/app/Core/Security/Token.php
@@ -38,12 +38,12 @@ class Token extends Base
*/
public function getCSRFToken()
{
- if (! isset($_SESSION['csrf_tokens'])) {
- $_SESSION['csrf_tokens'] = array();
+ if (! isset($this->sessionStorage->csrf)) {
+ $this->sessionStorage->csrf = array();
}
$nonce = self::getToken();
- $_SESSION['csrf_tokens'][$nonce] = true;
+ $this->sessionStorage->csrf[$nonce] = true;
return $nonce;
}
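Review bot: Nothing in getCSRFToken() bounds the nonce list. Each call adds `$this->sessionStorage->csrf[$nonce] = true;` and, in the code shown, an entry is removed only when validateCSRFToken() consumes it, so every form that is rendered but never submitted leaves a key in the session. Unless pruning happens elsewhere (not visible in this diff), consider capping the list right after the insert, for example `$this->sessionStorage->csrf = array_slice($this->sessionStorage->csrf, -self::MAX_CSRF_TOKENS, null, true);`, where `MAX_CSRF_TOKENS` is a new class constant to be introduced. Evicting the oldest nonces can invalidate a form left open for a long time, so the chosen limit deserves a short comment.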
@@ -57,8 +57,8 @@ class Token extends Base
*/
public function validateCSRFToken($token)
{
- if (isset($_SESSION['csrf_tokens'][$token])) {
- unset($_SESSION['csrf_tokens'][$token]);
+ if (isset($this->sessionStorage->csrf[$token])) {
+ unset($this->sessionStorage->csrf[$token]);
return true;
}
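Review bot: `$token` is used as an array offset in `isset($this->sessionStorage->csrf[$token])` without a type check, and it presumably comes straight from request data. A non-scalar value, such as an array submitted for that parameter, raises an illegal-offset warning or, on newer PHP versions, a TypeError instead of a clean rejection. Guarding the lookup keeps the failure path uniform: `if (is_string($token) && isset($this->sessionStorage->csrf[$token])) {`. The body of validateCSRFToken() continues past the end of this hunk, so the fall-through return is not visible here.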