Version 1.1.7 Removed session and improved security

system/Controllers/AuthController.php

@@ -34,7 +34,7 @@ class AuthController extends Controller
 	*/
 	
 	public function show(Request $request, Response $response, $args)
-	{
+	{	
 		$data 			= array();
 
 		/* check previous login attemps */		
@@ -63,7 +63,7 @@ class AuthController extends Controller
 			}
 		}
 
-		$this->c->view->render($response, '/auth/login.twig', $data);
+		$this->render($response, '/auth/login.twig', $data);
 	}
 	
 	/**

system/Controllers/Controller.php

@@ -18,9 +18,17 @@ abstract class Controller
 	protected function render($response, $route, $data)
 	{
 		$data = $this->c->dispatcher->dispatch('onPageReady', new OnPageReady($data))->getData();
-
-		unset($_SESSION['old']);
 		
+		if(isset($_SESSION['old']))
+		{
+			unset($_SESSION['old']);
+		}
+		
+		if($this->c->request->getUri()->getScheme() == 'https')
+		{
+			$response = $response->withAddedHeader('Strict-Transport-Security', 'max-age=63072000');			
+		}
+			
 		$response = $response->withAddedHeader('X-Content-Type-Options', 'nosniff');
 		$response = $response->withAddedHeader('X-Frame-Options', 'SAMEORIGIN');
 		$response = $response->withAddedHeader('X-XSS-Protection', '1;mode=block');