Pro-Idler/BinStack
1
0
Fork 0
forked from Business/BinStack
Code Issues Pull Requests Projects Releases Wiki Activity

Change session ID on successful login, make sessions last at least 2 hours

Browse Source
This commit is contained in:
Skylar Ittner 2018-05-15 13:44:43 -06:00
parent 58a991cbd0
commit be34857d71
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/login.php
View File

@ -247,6 +247,11 @@ function doLoginUser($username) {
if ($resp['status'] == "OK") { if ($resp['status'] == "OK") {
$userinfo = $resp['data']; $userinfo = $resp['data'];
session_regenerate_id(true);
$newSession = session_id();
session_write_close();
session_id($newSession);
session_start();
$_SESSION['username'] = $username; $_SESSION['username'] = $username;
$_SESSION['uid'] = $userinfo['uid']; $_SESSION['uid'] = $userinfo['uid'];
$_SESSION['email'] = $userinfo['email']; $_SESSION['email'] = $userinfo['email'];

5
required.php
View File

@ -24,12 +24,13 @@ header('X-Frame-Options: "DENY"');
header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"'); header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
$SECURE_NONCE = base64_encode(random_bytes(8)); $SECURE_NONCE = base64_encode(random_bytes(8));
$session_length = 60 * 60; // 1 hour $session_length = 60 * 60 * 2; // 2 hours
ini_set('session.gc_maxlifetime', $session_length);
session_set_cookie_params($session_length, "/", null, false, false); session_set_cookie_params($session_length, "/", null, false, false);
session_start(); // stick some cookies in it session_start(); // stick some cookies in it
// renew session cookie // renew session cookie
setcookie(session_name(), session_id(), time() + $session_length); //setcookie(session_name(), session_id(), time() + $session_length);
$captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : ""); $captcha_server = (CAPTCHA_ENABLED === true ? preg_replace("/http(s)?:\/\//", "", CAPTCHA_SERVER) : "");
if ($_SESSION['mobile'] === TRUE) { if ($_SESSION['mobile'] === TRUE) {