author | Frédéric Guillot <fred@kanboard.net> | 2014-11-29 17:18:23 -0500 |
---|---|---|
committer | Frédéric Guillot <fred@kanboard.net> | 2014-11-29 17:18:23 -0500 |
commit | e72327d4b1fd92675372a118052f1c9847f882dc (patch) | |
tree | 8147a3ae0c6304769b8da747626467f032d1f171 /app/Core | |
parent | 7d36747de634f7101bdaeed38e634adbc5f11b02 (diff) |
Improve session handler and add Ajax session check
Diffstat (limited to 'app/Core')
-rw-r--r-- | app/Core/Session.php | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/app/Core/Session.php b/app/Core/Session.php
index e50c36b3..3305eca3 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -36,14 +36,9 @@ class Session
      *
      * @access public
      * @param string $base_path Cookie path
-     * @param string $save_path Custom session save path
      */
-    public function open($base_path = '/', $save_path = '')
+    public function open($base_path = '/')
     {
-        if ($save_path !== '') {
-            session_save_path($save_path);
-        }
-
         // HttpOnly and secure flags for session cookie
         session_set_cookie_params(
             self::SESSION_LIFETIME,
@@ -56,12 +51,15 @@ class Session
         // Avoid session id in the URL
         ini_set('session.use_only_cookies', '1');
 
+        // Enable strict mode
+        ini_set('session.use_strict_mode', '1');
+
         // Ensure session ID integrity
         ini_set('session.entropy_file', '/dev/urandom');
         ini_set('session.entropy_length', '32');
         ini_set('session.hash_bits_per_character', 6);
 
-        // If session was autostarted with session.auto_start = 1 in php.ini destroy it, otherwise we cannot login
+        // If session was autostarted with session.auto_start = 1 in php.ini destroy it
         if (isset($_SESSION)) {
             session_destroy();
         }
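Review bot: The return value of `ini_set('session.use_strict_mode', '1')` in the second hunk is not checked, so on a runtime where that directive is unknown (it was introduced in PHP 5.5.2) the call fails silently and the session-fixation protection the comment promises is quietly absent. Since the other `ini_set` calls in `open()` are equally unchecked, a single guard after this one is the cheapest fix: `if (ini_set('session.use_strict_mode', '1') === false) { throw new \RuntimeException('session.use_strict_mode is not supported by this PHP runtime'); }`. The comment `// Enable strict mode` would also be more useful as `// Reject session ids not generated by this handler (session fixation); must run before session_start()`, because strict mode has no effect once the session has been started, and the `session_start()` call for `open()` lies outside this hunk, so that ordering cannot be confirmed from here. If the handler referenced in the commit title is a custom save handler, note that strict mode only validates ids through a handler that supports it; the default files handler does.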