authorPhilip Häusler <msquare@notrademark.de>2014-09-20 18:31:59 +0200
committerPhilip Häusler <msquare@notrademark.de>2014-09-20 18:31:59 +0200
commit50fea6d371492741f442067199d7c32c3432d6e0 (patch)
tree3374588e9a27b3819c608da29fbbb504ff3debe9 /includes/helper
parentdd3de2d47d7632d12b11cc9b5beb1a373e78a2c8 (diff)
fix session security issue (same session on multiple instances)
Diffstat (limited to 'includes/helper')
-rw-r--r--includes/helper/session_helper.php30
1 files changed, 30 insertions, 0 deletions
diff --git a/includes/helper/session_helper.php b/includes/helper/session_helper.php
new file mode 100644
index 00000000..4063ff69
--- /dev/null
+++ b/includes/helper/session_helper.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * Set lifetime of php session.
+ *
+ * @param int $lifetime
+ * Lifetime in minutes
+ * @param string $application_name
+ * Name of the application
+ */
+function session_lifetime($lifetime, $application_name) {
+ // Set session save path and name
+ $session_save_path = rtrim(session_save_path(), '/') . '/' . $application_name;
+ if (! file_exists($session_save_path))
+ mkdir($session_save_path);
+ if (file_exists($session_save_path))
+ session_save_path($session_save_path);
+ session_name($application_name);
+
+ // Set session lifetime
+ ini_set('session.gc_maxlifetime', $lifetime * 60);
+ ini_set('session.gc_probability', 1);
+ ini_set('session.gc_divisor', 100);
+
+ // Cookie settings (lifetime)
+ ini_set('session.cookie_secure', ! (preg_match("/^localhost/", $_SERVER["HTTP_HOST"]) || isset($_GET['debug'])));
+ ini_set('session.use_only_cookies', true);
+ ini_set('session.cookie_lifetime', $lifetime * 60);
+}
+
+?> \ No newline at end of file
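Review bot: The `session.cookie_secure` line near the end of `session_lifetime()` lets the request itself decide whether the session cookie carries the Secure flag: both the `Host` header and the `debug` query parameter are client-supplied, and `/^localhost/` has no end anchor, so it also matches longer host names that merely begin with that string. Any request carrying `debug` therefore gets its session cookie issued without Secure, after which the browser will also send it over plain HTTP. Derive the flag from server-side state instead, for example `ini_set('session.cookie_secure', ! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');`, or from a configuration setting if TLS is terminated at a proxy. Two smaller hardening gaps in the same function: `mkdir($session_save_path)` relies on the default mode and umask, where `mkdir($session_save_path, 0700)` would keep the per-application session directory closed to other local users, and the cookie settings never set `ini_set('session.cookie_httponly', true);`.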