Improve session creation
This commit is contained in:
Frédéric Guillot
parent
2f6b9353d5
commit
e3ff52ad89
|
|
@ -57,7 +57,7 @@ abstract class Base
|
|||
|
||||
public function beforeAction($controller, $action)
|
||||
{
|
||||
$this->session->open(dirname($_SERVER['PHP_SELF']));
|
||||
$this->session->open(dirname($_SERVER['PHP_SELF']), SESSION_SAVE_PATH);
|
||||
|
||||
if (! isset($_SESSION['user']) && ! $this->noAuthAllowed($controller, $action)) {
|
||||
$this->response->redirect('?controller=user&action=login');
|
||||
|
|
|
|||
|
|
@ -9,5 +9,8 @@ if (file_exists('config.php')) require 'config.php';
|
|||
// Auto-refresh frequency in seconds for the public board view
|
||||
defined('AUTO_REFRESH_DURATION') or define('AUTO_REFRESH_DURATION', 60);
|
||||
|
||||
// Custom session save path
|
||||
defined('SESSION_SAVE_PATH') or define('SESSION_SAVE_PATH', '');
|
||||
|
||||
$router = new Router;
|
||||
$router->execute();
|
||||
|
|
|
|||
|
|
@ -2,21 +2,39 @@
|
|||
|
||||
class Session
|
||||
{
|
||||
const SESSION_LIFETIME = 2678400;
|
||||
const SESSION_LIFETIME = 2678400; // 31 days
|
||||
|
||||
public function open($base_path = '/', $save_path = '')
|
||||
{
|
||||
if ($save_path !== '') session_save_path($save_path);
|
||||
|
||||
// HttpOnly and secure flags for session cookie
|
||||
session_set_cookie_params(
|
||||
self::SESSION_LIFETIME,
|
||||
$base_path,
|
||||
$base_path ?: '/',
|
||||
null,
|
||||
isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on',
|
||||
true
|
||||
);
|
||||
|
||||
// Avoid session id in the URL
|
||||
ini_set('session.use_only_cookies', true);
|
||||
|
||||
// Ensure session ID integrity
|
||||
ini_set('session.entropy_file', '/dev/urandom');
|
||||
ini_set('session.entropy_length', '32');
|
||||
ini_set('session.hash_bits_per_character', 6);
|
||||
|
||||
// Custom session name
|
||||
session_name('__S');
|
||||
|
||||
session_start();
|
||||
|
||||
// Regenerate the session id to avoid session fixation issue
|
||||
if (empty($_SESSION['__validated'])) {
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['__validated'] = 1;
|
||||
}
|
||||
}
|
||||
|
||||
public function close()
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ class User extends Base
|
|||
new Validators\MinLength('password', t('The minimum length is %d characters', 6), 6),
|
||||
new Validators\Required('confirmation', t('The confirmation is required')),
|
||||
new Validators\Equals('password', 'confirmation', t('Passwords doesn\'t matches')),
|
||||
new Validators\Integer('default_project_id', t('The value must be an integer')),
|
||||
new Validators\Integer('default_project_id', t('This value must be an integer')),
|
||||
new Validators\Integer('is_admin', t('This value must be an integer')),
|
||||
));
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue