From e72327d4b1fd92675372a118052f1c9847f882dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Sat, 29 Nov 2014 17:18:23 -0500
Subject: Improve session handler and add Ajax session check

---
 app/Core/Session.php | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'app/Core')

diff --git a/app/Core/Session.php b/app/Core/Session.php
index e50c36b3..3305eca3 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -36,14 +36,9 @@ class Session
 *
 * @access public
 * @param string $base_path Cookie path
- * @param string $save_path Custom session save path
 */
- public function open($base_path = '/', $save_path = '')
+ public function open($base_path = '/')
 {
- if ($save_path !== '') {
- session_save_path($save_path);
- }
-
 // HttpOnly and secure flags for session cookie
 session_set_cookie_params(
 self::SESSION_LIFETIME,
@@ -56,12 +51,15 @@ class Session
 // Avoid session id in the URL
 ini_set('session.use_only_cookies', '1');

+ // Enable strict mode
+ ini_set('session.use_strict_mode', '1');
+
 // Ensure session ID integrity
 ini_set('session.entropy_file', '/dev/urandom');
 ini_set('session.entropy_length', '32');
 ini_set('session.hash_bits_per_character', 6);

- // If session was autostarted with session.auto_start = 1 in php.ini destroy it, otherwise we cannot login
+ // If session was autostarted with session.auto_start = 1 in php.ini destroy it
 if (isset($_SESSION)) {
 session_destroy();
 }
-- 
cgit v1.2.3
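Review bot: With `$save_path` removed from `open()`, session data always lands in whatever `session.save_path` php.ini provides, and the docblock no longer tells a deployer where that is. PHP silently ignores surplus arguments to user-defined functions, so a caller outside this hunk that still passes a second argument would keep running without its path being applied. If the default save path is a directory shared with other sites on the host, session files are only as isolated as that directory's permissions, so I would add a docblock line such as `Session data is stored in the php.ini session.save_path; keep that directory private to this application`. The body of `open()` continues past the end of this hunk.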
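Review bot: The added `ini_set('session.use_strict_mode', '1');` discards its return value, and that directive only exists from PHP 5.5.2 onwards, so on an older runtime the call returns false and strict mode is silently left off. I would make the failure visible, e.g. `if (ini_set('session.use_strict_mode', '1') === false) { error_log('session.use_strict_mode is not available'); }`, and extend the comment to `// Enable strict mode: reject session IDs that were not issued by the server (PHP >= 5.5.2)`. Strict mode only refuses uninitialized IDs; it does not replace regenerating the session ID at login, which is not visible in this hunk and should be confirmed. The new call also sits above the `isset($_SESSION)` / `session_destroy()` block, so when `session.auto_start` is on it is applied while a session is already active, which later PHP versions (7.2 and up) reject with a warning; moving the destroy ahead of the `ini_set()` calls would avoid that.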