fix session security issue (same session on multiple instances)

author: Philip Häusler <msquare@notrademark.de> 2014-09-20 18:31:59 +0200
committer: Philip Häusler <msquare@notrademark.de> 2014-09-20 18:31:59 +0200
commit: 50fea6d371492741f442067199d7c32c3432d6e0 (patch)
tree: 3374588e9a27b3819c608da29fbbb504ff3debe9 /includes/helper
parent: dd3de2d47d7632d12b11cc9b5beb1a373e78a2c8 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/includes/helper/session_helper.php b/includes/helper/session_helper.php
new file mode 100644
index 00000000..4063ff69
--- /dev/null
+++ b/includes/helper/session_helper.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Set lifetime of php session.
+ *
+ * @param int $lifetime
+ *          Lifetime in minutes
+ * @param string $application_name
+ *          Name of the application
+ */
+function session_lifetime($lifetime, $application_name) {
+  // Set session save path and name
+  $session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;
+  if (! file_exists($session_save_path))
+    mkdir($session_save_path);
+  if (file_exists($session_save_path))
+    session_save_path($session_save_path);
+  session_name($application_name);
+  
+  // Set session lifetime
+  ini_set('session.gc_maxlifetime', $lifetime * 60);
+  ini_set('session.gc_probability', 1);
+  ini_set('session.gc_divisor', 100);
+  
+  // Cookie settings (lifetime)
+  ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug'])));
+  ini_set('session.use_only_cookies', true);
+  ini_set('session.cookie_lifetime', $lifetime * 60);
+}
+
+?>
+\ No newline at end of file
author	Philip Häusler <msquare@notrademark.de>	2014-09-20 18:31:59 +0200
committer	Philip Häusler <msquare@notrademark.de>	2014-09-20 18:31:59 +0200
commit	50fea6d371492741f442067199d7c32c3432d6e0 (patch)
tree	3374588e9a27b3819c608da29fbbb504ff3debe9 /includes/helper
parent	dd3de2d47d7632d12b11cc9b5beb1a373e78a2c8 (diff)