tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix path, secure flag and domain of session cookies 

refs #11187
This commit is contained in:
Eric Lippmann 2016-02-27 22:24:01 +01:00
parent 5f642879c7
commit 5f43ac8f26
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
library/Icinga/Web/Session/PhpSession.php
View File

@ -5,6 +5,7 @@ namespace Icinga\Web\Session;
use Icinga\Application\Logger; use Icinga\Application\Logger;
use Icinga\Exception\ConfigurationError; use Icinga\Exception\ConfigurationError;
use Icinga\Web\Cookie;
/** /**
* Session implementation in PHP * Session implementation in PHP
@ -102,11 +103,21 @@ class PhpSession extends Session
ini_set('session.cache_limiter', null); ini_set('session.cache_limiter', null);
} }
$cookie = new Cookie('bogus');
session_set_cookie_params(
0,
$cookie->getPath(),
$cookie->getDomain(),
$cookie->isSecure(),
true
);
session_start(); session_start();
if ($this->hasBeenTouched) { if ($this->hasBeenTouched) {
ini_set('session.use_cookies', true); ini_set('session.use_cookies', true);
ini_set('session.use_only_cookies', true); ini_set('session.use_only_cookies', true);
/** @noinspection PhpUndefinedVariableInspection */
ini_set('session.cache_limiter', $cacheLimiter); ini_set('session.cache_limiter', $cacheLimiter);
} }
} }