fix session security issue (same session on multiple instances)

This commit is contained in:
Philip Häusler 2014-09-20 18:31:59 +02:00
parent dd3de2d47d
commit 50fea6d371
2 changed files with 32 additions and 0 deletions

View File

@ -0,0 +1,30 @@
<?php
/**
* Set lifetime of php session.
*
* @param int $lifetime
* Lifetime in minutes
* @param string $application_name
* Name of the application
*/
function session_lifetime($lifetime, $application_name) {
// Set session save path and name
$session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;
if (! file_exists($session_save_path))
mkdir($session_save_path);
if (file_exists($session_save_path))
session_save_path($session_save_path);
session_name($application_name);
// Set session lifetime
ini_set('session.gc_maxlifetime', $lifetime * 60);
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
// Cookie settings (lifetime)
ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug'])));
ini_set('session.use_only_cookies', true);
ini_set('session.cookie_lifetime', $lifetime * 60);
}
?>

View File

@ -35,6 +35,7 @@ require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper
require_once realpath(__DIR__ . '/../includes/helper/message_helper.php'); require_once realpath(__DIR__ . '/../includes/helper/message_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/error_helper.php'); require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/email_helper.php'); require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
require_once realpath(__DIR__ . '/../includes/helper/session_helper.php');
require_once realpath(__DIR__ . '/../config/config.default.php'); require_once realpath(__DIR__ . '/../config/config.default.php');
if (file_exists(realpath(__DIR__ . '/../config/config.php'))) if (file_exists(realpath(__DIR__ . '/../config/config.php')))
@ -60,6 +61,7 @@ require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php');
require_once realpath(__DIR__ . '/../vendor/parsedown/Parsedown.php'); require_once realpath(__DIR__ . '/../vendor/parsedown/Parsedown.php');
session_lifetime(24*60, preg_replace("/[^a-z0-9-]/", '', $_SERVER['REQUEST_URI']));
session_start(); session_start();
gettext_init(); gettext_init();