log if the session handler fails and surface the ssl_cookie config setting

3 files changed, 5 insertions, 1 deletions

diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index ff0070d15..494c02b1d 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -27,7 +27,9 @@ class Session {
 
 		$handler = new \Zotlabs\Web\SessionHandler();
 
-		session_set_save_handler($handler,true);
+		$x = session_set_save_handler($handler,true);
+		if(! $x)
+			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
 
 		// Force cookies to be secure (https only) if this site is SSL enabled. 
 		// Must be done before session_start().
diff --git a/install/htconfig.sample.php b/install/htconfig.sample.php
index 1d9dc1a13..5e506225e 100755
--- a/install/htconfig.sample.php
+++ b/install/htconfig.sample.php
@@ -53,6 +53,7 @@ App::$config['system']['location_hash'] = 'if the auto install failed, put a uni
 
 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
 
 
 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
diff --git a/view/en/htconfig.tpl b/view/en/htconfig.tpl
index 13c5aa942..4aa6132a6 100644
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@@ -43,6 +43,7 @@ App::$config['system']['location_hash'] = '{{$site_id}}';
 
 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
 
 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
 // Be certain to create your own personal account before setting