mirror/php-auth
1
0
Fork 0
mirror of https://github.com/delight-im/PHP-Auth.git synced 2025-08-02 14:17:26 +02:00
Code Issues Releases Wiki Activity

Only configure and start session if not already started

Browse Source
This commit is contained in:
Marco
2018-03-12 22:29:56 +01:00
parent 8f35cc9965
commit e7e174b05d
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/Auth.php
View File

@@ -48,7 +48,7 @@ final class Auth extends UserManager {
$this->sessionResyncInterval = isset($sessionResyncInterval) ? ((int) $sessionResyncInterval) : (60 * 5); $this->sessionResyncInterval = isset($sessionResyncInterval) ? ((int) $sessionResyncInterval) : (60 * 5);
$this->rememberCookieName = self::createRememberCookieName(); $this->rememberCookieName = self::createRememberCookieName();
$this->initSession(); $this->initSessionIfNecessary();
$this->enhanceHttpSecurity(); $this->enhanceHttpSecurity();
$this->processRememberDirective(); $this->processRememberDirective();
@@ -56,16 +56,18 @@ final class Auth extends UserManager {
} }
/** Initializes the session and sets the correct configuration */ /** Initializes the session and sets the correct configuration */
private function initSession() { private function initSessionIfNecessary() {
// use cookies to store session IDs if (\session_status() === \PHP_SESSION_NONE) {
\ini_set('session.use_cookies', 1); // use cookies to store session IDs
// use cookies only (do not send session IDs in URLs) \ini_set('session.use_cookies', 1);
\ini_set('session.use_only_cookies', 1); // use cookies only (do not send session IDs in URLs)
// do not send session IDs in URLs \ini_set('session.use_only_cookies', 1);
\ini_set('session.use_trans_sid', 0); // do not send session IDs in URLs
\ini_set('session.use_trans_sid', 0);
// start the session (requests a cookie to be written on the client) // start the session (requests a cookie to be written on the client)
@Session::start(); @Session::start();
}
} }
/** Improves the application's security over HTTP(S) by setting specific headers */ /** Improves the application's security over HTTP(S) by setting specific headers */