fix session security issue (same session on multiple instances)
parent
dd3de2d47d
commit
50fea6d371
|
@ -0,0 +1,30 @@
|
||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* Set lifetime of php session.
|
||||||
|
*
|
||||||
|
* @param int $lifetime
|
||||||
|
* Lifetime in minutes
|
||||||
|
* @param string $application_name
|
||||||
|
* Name of the application
|
||||||
|
*/
|
||||||
|
function session_lifetime($lifetime, $application_name) {
|
||||||
|
// Set session save path and name
|
||||||
|
$session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;
|
||||||
|
if (! file_exists($session_save_path))
|
||||||
|
mkdir($session_save_path);
|
||||||
|
if (file_exists($session_save_path))
|
||||||
|
session_save_path($session_save_path);
|
||||||
|
session_name($application_name);
|
||||||
|
|
||||||
|
// Set session lifetime
|
||||||
|
ini_set('session.gc_maxlifetime', $lifetime * 60);
|
||||||
|
ini_set('session.gc_probability', 1);
|
||||||
|
ini_set('session.gc_divisor', 100);
|
||||||
|
|
||||||
|
// Cookie settings (lifetime)
|
||||||
|
ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug'])));
|
||||||
|
ini_set('session.use_only_cookies', true);
|
||||||
|
ini_set('session.cookie_lifetime', $lifetime * 60);
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
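Review bot: The `session.cookie_secure` line in session_lifetime() lets the request decide whether the session cookie carries the Secure attribute. `$_SERVER["HTTP_HOST"]` is a client-supplied header, `/^localhost/` has no end anchor so it also matches longer host names, and any request with a `debug` query parameter switches the flag off. Derive the value from the connection instead, e.g. `ini_set('session.cookie_secure', !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');`, or from a configuration setting where TLS terminates at a proxy, and add `ini_set('session.cookie_httponly', true);` beside it. Separately, `mkdir($session_save_path)` passes no mode and its result is not checked; `mkdir($session_save_path, 0700)` would keep the per-application session files readable only by the web server user.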
|
|
@ -35,6 +35,7 @@ require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper
|
||||||
require_once realpath(__DIR__ . '/../includes/helper/message_helper.php');
|
require_once realpath(__DIR__ . '/../includes/helper/message_helper.php');
|
||||||
require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
|
require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
|
||||||
require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
|
require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
|
||||||
|
require_once realpath(__DIR__ . '/../includes/helper/session_helper.php');
|
||||||
|
|
||||||
require_once realpath(__DIR__ . '/../config/config.default.php');
|
require_once realpath(__DIR__ . '/../config/config.default.php');
|
||||||
if (file_exists(realpath(__DIR__ . '/../config/config.php')))
|
if (file_exists(realpath(__DIR__ . '/../config/config.php')))
|
||||||
|
@ -60,6 +61,7 @@ require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php');
|
||||||
|
|
||||||
require_once realpath(__DIR__ . '/../vendor/parsedown/Parsedown.php');
|
require_once realpath(__DIR__ . '/../vendor/parsedown/Parsedown.php');
|
||||||
|
|
||||||
|
session_lifetime(24*60, preg_replace("/[^a-z0-9-]/", '', $_SERVER['REQUEST_URI']));
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
gettext_init();
|
gettext_init();
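Review bot: The application name passed to session_lifetime() in the second hunk is built from `$_SERVER['REQUEST_URI']`, which carries the path and query string of each request, so the session name and save directory follow whatever URL the client asks for rather than the installed instance. Going by the helper added in this commit, each distinct filtered URI gets its own directory under the session save path, and a request for `/` filters down to an empty name, which session_name() does not accept. A value fixed per installation separates instances without those effects, e.g. `session_lifetime(24 * 60, $session_name_from_config);`, where `$session_name_from_config` is a placeholder for a setting read from config.php. Failing that, use the script directory: `preg_replace("/[^a-z0-9-]/", '', dirname($_SERVER['SCRIPT_NAME']))`.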
|
||||||
|
|