fix siteid cookie to secure

This commit is contained in:
Josh North 2021-10-18 13:21:59 -04:00
parent 1bb93c8f4e
commit 075c4a8a06

View File

@ -15,11 +15,24 @@
* You should have received a copy of the GNU General Public License * You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
ini_set('session.gc_probability', 1); // GC RATES
ini_set('session.gc_divisor', 100); // TIMES
ini_set('session.use_cookies', '1');
ini_set('session.use_only_cookies', '0');
ini_set('session.cookie_lifetime', '0');
ini_set('session.cookie_secure', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Strict');
session_save_path('.tmp'); // TEMP
spl_autoload_register();
session_start(); // START
require_once __DIR__ . '/autoload.php'; // AUTOLOAD require_once __DIR__ . '/autoload.php'; // AUTOLOAD
use App\LobbySIO\Misc\Csrf; // ANTICSRF require_once __DIR__ . '/src/Misc/defuse-crypto.phar';
use App\LobbySIO\Config\Registry; use App\LobbySIO\Config\Registry;
use Defuse\Crypto\Crypto;
$Users = new \App\LobbySIO\Database\Users(); $Users = new \App\LobbySIO\Database\Users();
use App\LobbySIO\Misc\Csrf; // ANTICSRF
if (Registry::AUTHMETHOD == 'SAML') { if (Registry::AUTHMETHOD == 'SAML') {
//simplesaml //simplesaml
require_once('../simplesamlphp/lib/_autoload.php'); require_once('../simplesamlphp/lib/_autoload.php');