summaryrefslogtreecommitdiff
path: root/app/Core/Session.php
diff options
context:
space:
mode:
Diffstat (limited to 'app/Core/Session.php')
-rw-r--r--app/Core/Session.php12
1 files changed, 5 insertions, 7 deletions
diff --git a/app/Core/Session.php b/app/Core/Session.php
index e50c36b3..3305eca3 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -36,14 +36,9 @@ class Session
*
* @access public
* @param string $base_path Cookie path
- * @param string $save_path Custom session save path
*/
- public function open($base_path = '/', $save_path = '')
+ public function open($base_path = '/')
{
- if ($save_path !== '') {
- session_save_path($save_path);
- }
-
// HttpOnly and secure flags for session cookie
session_set_cookie_params(
self::SESSION_LIFETIME,
@@ -56,12 +51,15 @@ class Session
// Avoid session id in the URL
ini_set('session.use_only_cookies', '1');
+ // Enable strict mode
+ ini_set('session.use_strict_mode', '1');
+
// Ensure session ID integrity
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '32');
ini_set('session.hash_bits_per_character', 6);
- // If session was autostarted with session.auto_start = 1 in php.ini destroy it, otherwise we cannot login
+ // If session was autostarted with session.auto_start = 1 in php.ini destroy it
if (isset($_SESSION)) {
session_destroy();
}