From a26c15752e93b806ebb2070b899707c4463f91ff Mon Sep 17 00:00:00 2001
From: Josh North
Date: Mon, 18 Oct 2021 09:39:55 -0400
Subject: [PATCH] Encrypt fixes, add carnum options, remove debug lines
---
.htaccess | 3 +++
changeaccess.php | 12 +-----------
inc/header.inc.php | 1 +
3 files changed, 5 insertions(+), 11 deletions(-)
diff --git a/.htaccess b/.htaccess
index 34095b1..9b0b715 100644
--- a/.htaccess
+++ b/.htaccess
@@ -7,3 +7,6 @@ Header append X-Content-Type-Options "nosniff" Header always set Strict-Transport-Security "max-age=604800; includeSubDomains" Header set X-Content-Type-Options nosniff
+
+ Header edit Set-Cookie ^(.*)$ $1;SameSite=Strict
+
diff --git a/changeaccess.php b/changeaccess.php
index 7348d72..5d12fc3 100644
--- a/changeaccess.php
+++ b/changeaccess.php
@@ -15,17 +15,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */
- ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION
- ini_set('session.gc_probability', 1); // GC RATES
- ini_set('session.gc_divisor', 100); // TIMES
- ini_set('session.use_cookies', '1');
- ini_set('session.use_only_cookies', '1');
- ini_set('session.cookie_lifetime', '0');
- ini_set('session.cookie_secure', '0');
- ini_set('session.cookie_httponly', '1');
- ini_set('session.cookie_samesite', 'Strict');
- session_save_path('.tmp'); // TEMP
- session_start(); // START
+ require_once __DIR__ . '/autoload.php'; // AUTOLOAD use App\LobbySIO\Misc\Csrf; // ANTICSRF use App\LobbySIO\Config\Registry;
diff --git a/inc/header.inc.php b/inc/header.inc.php
index 3f68e64..7f83911 100644
--- a/inc/header.inc.php
+++ b/inc/header.inc.php
@@ -15,6 +15,7 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */
+ // START //ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION //ini_set('session.gc_probability', 1); // GC RATES
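Review bot: The `Header edit Set-Cookie ^(.*)$ $1;SameSite=Strict` rule added in the `.htaccess` hunk is the only cookie hardening visible in this patch, and it covers SameSite alone. The `changeaccess.php` hunk deletes the `session.cookie_httponly` and `session.use_only_cookies` settings together with `session_start()`, and the matching lines shown as context in `inc/header.inc.php` are commented out. Wherever the session is configured now (not visible here), it should still set HttpOnly, and Secure too, since the same `.htaccess` already sends Strict-Transport-Security. The rule also has no `always` condition; Apache keeps headers from CGI or mod_proxy_fcgi scripts and from error responses in the `always` table, so depending on how PHP is run the edit may never touch the session cookie. Consider adding `Header always edit Set-Cookie ^(.*)$ "$1; SameSite=Strict"` alongside it, ideally with a pattern that skips values already containing `SameSite=` so the attribute is not appended twice.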