Update php cookies security (#1056)

* set php cookies

* update edit title doc

* add session renerate id to session createSession function

server/Dockerfile

@@ -10,3 +10,4 @@ RUN apt-get update && \
 # ENVIRONMENT VARIABLES
 ENV MYSQL_HOST opensupports-db
 ENV MYSQL_PORT 3306
+ENV IS_DOCKER 1

server/controllers/ticket/delete.php

@@ -20,7 +20,7 @@ DataValidator::with('CustomValidations', true);
  * @apiUse INVALID_TICKET
  *
  * @apiSuccess {Object} data Empty object
- *ulp d
+ *
  */
 
 class DeleteController extends Controller {

server/models/Session.php

@@ -1,5 +1,8 @@
 <?php
 
+ini_set('session.cookie_httponly', 1);
+ini_set('session.cookie_secure', getenv('IS_DOCKER') ? 0 : 1);
+
 class Session {
     use SingletonTrait;
 
@@ -31,6 +34,7 @@ class Session {
     }
 
     public function createSession($userId, $staff = false, $ticketNumber = null) {
+        session_regenerate_id();
         $this->store('userId', $userId);
         $this->store('staff', $staff);
         $this->store('ticketNumber', $ticketNumber);