fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-04-23 20:32:14 +09:00
Code Issues Projects Releases Packages Wiki Activity

Change Context::isAlwaysSSL() to config('session.use_ssl_cookies')

Browse source 
- Main session cookie is httpOnly if use_ssl is true
- SSO cookie is always httpOnly
This commit is contained in:
Kijin Sung 2018-08-06 01:23:22 +09:00
parent 2c9bb88a14
commit a49f2f5f06
8 changed files with 18 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

4
common/framework/session.php
View file

@ -80,7 +80,7 @@ class Session
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.use_strict_mode', 1);
session_set_cookie_params($lifetime, $path, null, $ssl_only, true);
session_set_cookie_params($lifetime, $path, null, $ssl_only, $ssl_only);
session_name($session_name = Config::get('session.name') ?: session_name());
// Get session ID from POST parameter if using relaxed key checks.
@ -295,7 +295,7 @@ class Session
if(!$is_default_domain && !\Context::get('sso_response') && $_COOKIE['sso'] !== md5($current_domain))
{
// Set sso cookie to prevent multiple simultaneous SSO validation requests.
setcookie('sso', md5($current_domain), 0, '/', null, \Context::isAlwaysSSL(), true);
setcookie('sso', md5($current_domain), 0, '/', null, !!config('session.use_ssl'), true);
// Redirect to the default site.
$sso_request = Security::encrypt($current_url);