Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-02-01 05:44:41 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Secure user session

Browse Source
This commit is contained in:
Fedor A. Fetisov 2013-10-29 02:36:34 +04:00
parent a4449482e3
commit 7e4a380320
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/mibew/libs/init.php
View File

@ -18,9 +18,6 @@
// Prevent Mibew from access to files outside the installation // Prevent Mibew from access to files outside the installation
ini_set('open_basedir', dirname(dirname(__FILE__))); ini_set('open_basedir', dirname(dirname(__FILE__)));
// Initialize user session
session_start();
// Include configuration file // Include configuration file
require_once(dirname(__FILE__).'/config.php'); require_once(dirname(__FILE__).'/config.php');
@ -49,6 +46,16 @@ require_once(dirname(__FILE__).'/common/request.php');
require_once(dirname(__FILE__).'/common/response.php'); require_once(dirname(__FILE__).'/common/response.php');
require_once(dirname(__FILE__).'/common/string.php'); require_once(dirname(__FILE__).'/common/string.php');
// Make session cookie more secure
@ini_set('session.cookie_httponly', TRUE);
if (is_secure_request()) {
@ini_set('session.cookie_secure', TRUE);
}
@ini_set('session.cookie_path', "$mibewroot/");
@ini_set('session.name', 'MibewSessionID');
// Initialize user session
session_start();
// Initialize the database // Initialize the database
Database::initialize( Database::initialize(