authorredmatrix <git@macgirvin.com>2016-02-24 11:20:46 -0800
committerredmatrix <git@macgirvin.com>2016-02-24 11:20:46 -0800
commitb101a8f6fb3fd3ec0d5466ba1bb7bc9dc9480fba (patch)
tree88ba8e488264e2cc829d6ad8bae373a46c9fa7b4 /include/session.php
parentd074c538897532a4ff7945c1e725c64ac264d5c2 (diff)
missing function
Diffstat (limited to 'include/session.php')
-rw-r--r--include/session.php23
1 files changed, 19 insertions, 4 deletions
diff --git a/include/session.php b/include/session.php
index 92004bc18..182805980 100644
--- a/include/session.php
+++ b/include/session.php
@@ -1,4 +1,5 @@
<?php
+
/**
* @file include/session.php
*
@@ -14,8 +15,8 @@ $session_expire = 180000;
function new_cookie($time) {
$old_sid = session_id();
-// ??? This shouldn't have any effect if called after session_start()
-// We probably need to set the session expiration and change the PHPSESSID cookie.
+ // ??? This shouldn't have any effect if called after session_start()
+ // We probably need to set the session expiration and change the PHPSESSID cookie.
session_set_cookie_params($time);
session_regenerate_id(false);
@@ -108,8 +109,9 @@ ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_httponly', 1);
/*
- * PHP function which sets our user-level session storage functions.
+ * Set our session storage functions.
*/
+
session_set_save_handler(
'ref_session_open',
'ref_session_close',
@@ -117,4 +119,17 @@ session_set_save_handler(
'ref_session_write',
'ref_session_destroy',
'ref_session_gc'
-); \ No newline at end of file
+);
+
+
+ // Force cookies to be secure (https only) if this site is SSL enabled. Must be done before session_start().
+
+ if(intval($a->config['system']['ssl_cookie_protection'])) {
+ $arr = session_get_cookie_params();
+ session_set_cookie_params(
+ ((isset($arr['lifetime'])) ? $arr['lifetime'] : 0),
+ ((isset($arr['path'])) ? $arr['path'] : '/'),
+ ((isset($arr['domain'])) ? $arr['domain'] : $a->get_hostname()),
+ ((isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? true : false),
+ ((isset($arr['httponly'])) ? $arr['httponly'] : true));
+ } \ No newline at end of file
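Review bot: The secure argument in the added `session_set_cookie_params()` call follows the scheme of the current request (`$_SERVER['HTTPS']`), not the site setting, so the comment's "force" does not hold: with `ssl_cookie_protection` enabled, any request that PHP sees as plain HTTP still gets a session cookie without the Secure attribute. That presumably includes requests behind a TLS-terminating proxy that does not set `HTTPS`, and servers that report a value other than `on`, which the `== 'on'` comparison rejects. Since the option is an explicit opt-in, consider passing `true` for that argument, or at least accepting any non-empty value other than `off`: `(! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')`. Separately, the condition reads `$a->config['system']['ssl_cookie_protection']` without an `isset()` guard, which raises a notice when the key is absent; `if(isset($a->config['system']['ssl_cookie_protection']) && intval($a->config['system']['ssl_cookie_protection']))` avoids that. This block runs at file scope, so it also relies on `$a` being populated before the file is included, which is not visible in this hunk.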