author | Philip Häusler <msquare@notrademark.de> | 2014-09-20 18:31:59 +0200 |
---|---|---|
committer | Philip Häusler <msquare@notrademark.de> | 2014-09-20 18:31:59 +0200 |
commit | 50fea6d371492741f442067199d7c32c3432d6e0 (patch) | |
tree | 3374588e9a27b3819c608da29fbbb504ff3debe9 /includes/helper | |
parent | dd3de2d47d7632d12b11cc9b5beb1a373e78a2c8 (diff) |
fix session security issue (same session on multiple instances)
Diffstat (limited to 'includes/helper')
-rw-r--r-- | includes/helper/session_helper.php | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/includes/helper/session_helper.php b/includes/helper/session_helper.php
new file mode 100644
index 00000000..4063ff69
--- /dev/null
+++ b/includes/helper/session_helper.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Set lifetime of php session.
+ *
+ * @param int $lifetime
+ * Lifetime in minutes
+ * @param string $application_name
+ * Name of the application
+ */
+function session_lifetime($lifetime, $application_name) {
+ // Set session save path and name
+ $session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;
+ if (! file_exists($session_save_path))
+ mkdir($session_save_path);
+ if (file_exists($session_save_path))
+ session_save_path($session_save_path);
+ session_name($application_name);
+
+ // Set session lifetime
+ ini_set('session.gc_maxlifetime', $lifetime * 60);
+ ini_set('session.gc_probability', 1);
+ ini_set('session.gc_divisor', 100);
+
+ // Cookie settings (lifetime)
+ ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug'])));
+ ini_set('session.use_only_cookies', true);
+ ini_set('session.cookie_lifetime', $lifetime * 60);
+}
+
+?>
\ No newline at end of file |
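Review bot: The `session.cookie_secure` line lets the request itself decide whether the session cookie carries the Secure flag: `$_SERVER["HTTP_HOST"]` is the client-supplied Host header, the pattern `/^localhost/` is anchored only at the start (so a constructed name such as `localhost.example.org` also matches), and any request with a `debug` query parameter switches the flag off too. A cookie issued on such a request may afterwards be sent over plain HTTP. Deriving the flag from the transport or from server-side configuration avoids this, e.g. `ini_set('session.cookie_secure', ! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');` (behind a TLS-terminating proxy a configuration switch would be needed instead). Separately, when `mkdir($session_save_path)` fails the function silently keeps the shared save path, so the instances would still share session files. Checking the return value and creating the directory with mode `0700` would make the isolation this commit aims for dependable.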