fix session security issue (same session on multiple instances)

includes/helper/session_helper.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * Set lifetime of php session.
+ *
+ * @param int $lifetime
+ *          Lifetime in minutes
+ * @param string $application_name
+ *          Name of the application
+ */
+function session_lifetime($lifetime, $application_name) {
+  // Set session save path and name
+  $session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;
+  if (! file_exists($session_save_path))
+    mkdir($session_save_path);
+  if (file_exists($session_save_path))
+    session_save_path($session_save_path);
+  session_name($application_name);
+  
+  // Set session lifetime
+  ini_set('session.gc_maxlifetime', $lifetime * 60);
+  ini_set('session.gc_probability', 1);
+  ini_set('session.gc_divisor', 100);
+  
+  // Cookie settings (lifetime)
+  ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug'])));
+  ini_set('session.use_only_cookies', true);
+  ini_set('session.cookie_lifetime', $lifetime * 60);
+}
+
+?>

public/index.php

@@ -35,6 +35,7 @@ require_once realpath(__DIR__ . '/../includes/helper/internationalization_helper
 require_once realpath(__DIR__ . '/../includes/helper/message_helper.php');
 require_once realpath(__DIR__ . '/../includes/helper/error_helper.php');
 require_once realpath(__DIR__ . '/../includes/helper/email_helper.php');
+require_once realpath(__DIR__ . '/../includes/helper/session_helper.php');
 
 require_once realpath(__DIR__ . '/../config/config.default.php');
 if (file_exists(realpath(__DIR__ . '/../config/config.php')))
@@ -60,6 +61,7 @@ require_once realpath(__DIR__ . '/../includes/pages/user_shifts.php');
 
 require_once realpath(__DIR__ . '/../vendor/parsedown/Parsedown.php');
 
+session_lifetime(24*60, preg_replace("/[^a-z0-9-]/", '', $_SERVER['REQUEST_URI']));
 session_start();
 
 gettext_init();