Change session ID on successful login, make sessions last at least 2 hours

master
Skylar Ittner 6 лет назад
Родитель 58a991cbd0
Коммит be34857d71

@ -247,6 +247,11 @@ function doLoginUser($username) {
if ($resp['status'] == "OK") {
$userinfo = $resp['data'];
session_regenerate_id(true);
$newSession = session_id();
session_write_close();
session_id($newSession);
session_start();
$_SESSION['username'] = $username;
$_SESSION['uid'] = $userinfo['uid'];
$_SESSION['email'] = $userinfo['email'];
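Review bot: The return value of `session_regenerate_id(true)` is not checked, so if regeneration fails the following lines still store the authenticated `username`, `uid` and `email` under the pre-login session ID, which is the fixation case this commit is meant to close. A guard such as `if (!session_regenerate_id(true)) { return false; }` would stop a failed regeneration from being silently accepted; the right failure path depends on how doLoginUser reports errors, which is outside this hunk. The `session_write_close()` / `session_id($newSession)` / `session_start()` sequence that follows looks redundant, since the session should already be active under the new ID, so it deserves a one-line comment saying why it is needed.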

@ -24,12 +24,13 @@ header('X-Frame-Options: "DENY"');
header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
$SECURE_NONCE = base64_encode(random_bytes(8));
$session_length = 60 * 60; // 1 hour
$session_length = 60 * 60 * 2; // 2 hours
ini_set('session.gc_maxlifetime', $session_length);
session_set_cookie_params($session_length, "/", null, false, false);
session_start(); // stick some cookies in it
// renew session cookie
setcookie(session_name(), session_id(), time() + $session_length);
//setcookie(session_name(), session_id(), time() + $session_length);
$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
if ($_SESSION['mobile'] === TRUE) {
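Review bot: The session cookie is still created with `secure` and `httponly` both false in `session_set_cookie_params($session_length, "/", null, false, false);`, so the ID regenerated at login stays readable from page scripts and is sent over plain HTTP. If the site is served over HTTPS, `session_set_cookie_params($session_length, "/", null, true, true);` would cover both flags. The old `setcookie(...)` renewal is now left as a commented-out line; deleting it, or replacing it with a comment stating that the cookie lifetime is no longer extended on each request, would be clearer. The surrounding script continues outside the hunk.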
