This commit is contained in:
@@ -6,14 +6,11 @@ function secure_session_start(): void
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|
|
||||||
|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
|
|
||||||
|
|
||||||
session_set_cookie_params([
|
session_set_cookie_params([
|
||||||
'lifetime' => 0,
|
'lifetime' => 0,
|
||||||
'path' => '/',
|
'path' => '/',
|
||||||
'domain' => '',
|
'domain' => '',
|
||||||
'secure' => $is_https,
|
'secure' => true,
|
||||||
'httponly' => true,
|
'httponly' => true,
|
||||||
'samesite' => 'Lax',
|
'samesite' => 'Lax',
|
||||||
]);
|
]);
|
||||||
@@ -245,13 +242,10 @@ function clear_rate_limit(mysqli $conn, string $bucket, string $identifier = '')
|
|||||||
|
|
||||||
function set_secure_cookie(string $name, string $value, int $expires): void
|
function set_secure_cookie(string $name, string $value, int $expires): void
|
||||||
{
|
{
|
||||||
$is_https = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|
|
||||||
|| (isset($_SERVER['SERVER_PORT']) && (int) $_SERVER['SERVER_PORT'] === 443);
|
|
||||||
|
|
||||||
setcookie($name, $value, [
|
setcookie($name, $value, [
|
||||||
'expires' => $expires,
|
'expires' => $expires,
|
||||||
'path' => '/',
|
'path' => '/',
|
||||||
'secure' => $is_https,
|
'secure' => true,
|
||||||
'httponly' => true,
|
'httponly' => true,
|
||||||
'samesite' => 'Lax',
|
'samesite' => 'Lax',
|
||||||
]);
|
]);
|
||||||
|
|||||||
@@ -35,6 +35,13 @@ $data = json_decode($response, true);
|
|||||||
if (isset($data['status'])) {
|
if (isset($data['status'])) {
|
||||||
if ($data['status'] == "success") {
|
if ($data['status'] == "success") {
|
||||||
// Successful authentication: login the user
|
// Successful authentication: login the user
|
||||||
|
session_set_cookie_params([
|
||||||
|
'lifetime' => 0,
|
||||||
|
'path' => '/',
|
||||||
|
'secure' => true,
|
||||||
|
'httponly' => true,
|
||||||
|
'samesite' => 'Lax',
|
||||||
|
]);
|
||||||
session_start();
|
session_start();
|
||||||
$_SESSION["username"] = $data["username"];
|
$_SESSION["username"] = $data["username"];
|
||||||
$_SESSION["id"] = $data["id"];
|
$_SESSION["id"] = $data["id"];
|
||||||
|
|||||||
+3
-3
@@ -1368,7 +1368,7 @@ session.use_strict_mode = 0
|
|||||||
session.use_cookies = 1
|
session.use_cookies = 1
|
||||||
|
|
||||||
; http://php.net/session.cookie-secure
|
; http://php.net/session.cookie-secure
|
||||||
;session.cookie_secure =
|
session.cookie_secure = 1
|
||||||
|
|
||||||
; This option forces PHP to fetch and use a cookie for storing and maintaining
|
; This option forces PHP to fetch and use a cookie for storing and maintaining
|
||||||
; the session id. We encourage this operation as it's very helpful in combating
|
; the session id. We encourage this operation as it's very helpful in combating
|
||||||
@@ -1400,13 +1400,13 @@ session.cookie_domain =
|
|||||||
; Whether or not to add the httpOnly flag to the cookie, which makes it
|
; Whether or not to add the httpOnly flag to the cookie, which makes it
|
||||||
; inaccessible to browser scripting languages such as JavaScript.
|
; inaccessible to browser scripting languages such as JavaScript.
|
||||||
; http://php.net/session.cookie-httponly
|
; http://php.net/session.cookie-httponly
|
||||||
session.cookie_httponly =
|
session.cookie_httponly = 1
|
||||||
|
|
||||||
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
|
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
|
||||||
; Current valid values are "Strict", "Lax" or "None". When using "None",
|
; Current valid values are "Strict", "Lax" or "None". When using "None",
|
||||||
; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
|
; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
|
||||||
; https://tools.ietf.org/html/draft-west-first-party-cookies-07
|
; https://tools.ietf.org/html/draft-west-first-party-cookies-07
|
||||||
session.cookie_samesite =
|
session.cookie_samesite = Lax
|
||||||
|
|
||||||
; Handler used to serialize data. php is the standard serializer of PHP.
|
; Handler used to serialize data. php is the standard serializer of PHP.
|
||||||
; http://php.net/session.serialize-handler
|
; http://php.net/session.serialize-handler
|
||||||
|
|||||||
Reference in New Issue
Block a user