csrf/cookie, fix Secure Attribute and align session cookie in authgui.inc

Ad Schellevis 2017-07-03 19:17:13 +02:00
parent ac75ef6f10
commit 73dbbcd72c
2 changed files with 7 additions and 3 deletions


@ -170,7 +170,8 @@ function session_auth(&$Login_Error)
if (session_status() == PHP_SESSION_NONE) {
if (session_start()) {
$sess_name = session_name();
setcookie($sess_name, session_id(), null, '/', null, null, ($config['system']['webgui']['protocol'] == "https"));
$secure = $config['system']['webgui']['protocol'] == "https";
setcookie(session_name(), session_id(), null, '/', null, $secure, true);
}
}
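Review bot: The new `setcookie()` call runs after `session_start()`, which for a fresh session has presumably already queued its own Set-Cookie header built from the ini defaults, so the Secure/HttpOnly flags take effect only because the second header overrides the first in the browser. Setting the attributes up front with `session_set_cookie_params(0, '/', '', $secure, true);` before `session_start()` would make PHP emit a single cookie with the intended flags. `$secure` also relies on `$config` being in scope inside `session_auth()`; the function body starts outside this hunk, so the `global $config` declaration cannot be confirmed from here. A strict comparison (`=== 'https'`) would state the intent more precisely than `==`.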


@ -43,11 +43,14 @@ class LegacyCSRF
private function Session()
{
global $config;
if ($this->session == null) {
$this->session = new Phalcon\Session\Adapter\Files();
$this->session->start();
$secure = $config['system']['webgui']['protocol'] == 'https';
setcookie(session_name(), session_id(), null, '/', null, $secure, true);
if (!isset($_COOKIE[session_name()])) {
$secure = $config['system']['webgui']['protocol'] == 'https';
setcookie(session_name(), session_id(), null, '/', null, $secure, true);
}
$this->di->setShared('session', $this->session);
}
}
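Review bot: The `!isset($_COOKIE[session_name()])` guard skips the hardened `setcookie()` whenever the browser presents any cookie with the session name, whether or not its value matches the active `session_id()`. The page has lost its +/- markers, so this reads the guarded variant as the new side, which is what the diffstat suggests. A cookie issued before this fix (without Secure) or one carrying a stale id would then keep whatever attributes it was created with. Comparing the value as well would close that gap: `if (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] !== session_id()) {`. A short comment above the guard saying why the cookie is not re-sent on every request would also help the next reader.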