
Add secure session

This commit is contained in:
trendschau
2023-11-21 18:36:54 +01:00
parent 7d5d89e31c
commit 77445f575d
3 changed files with 19 additions and 13 deletions


@@ -14,18 +14,24 @@ class SessionMiddleware implements MiddlewareInterface
protected $segments;
protected $route;
protected $uri;
public function __construct($segments, $route)
public function __construct($segments, $route, $uri)
{
$this->segments = $segments;
$this->route = $route;
$this->uri = $uri;
}
public function process(Request $request, RequestHandler $handler) :response
{
$scheme = $request->getUri()->getScheme();
# start session
Session::startSessionForSegments($this->segments, $this->route);
Session::startSessionForSegments($this->segments, $this->route, $scheme);
$authenticated = (
(isset($_SESSION['username'])) &&
@@ -51,7 +57,6 @@ class SessionMiddleware implements MiddlewareInterface
}
}
$response = $handler->handle($request);
return $response;
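Review bot: `$this->uri` is assigned in the new constructor line but never read in the visible part of `process()`, which derives `$scheme` from `$request->getUri()->getScheme()` instead; either drop the third constructor parameter or make the stored URI the single source of the scheme so the two cannot disagree. The request URI's scheme is what PHP saw on its own socket: behind a TLS-terminating reverse proxy it is `http` unless an earlier middleware has rewritten it from a forwarded header, in which case the HTTPS branch in `Session::startSessionForSegments` would never be selected. A comment on that line would make the assumption explicit: `# scheme as seen by PHP; behind a TLS-terminating proxy this is only 'https' if the URI was rewritten upstream`. `process()` continues past the hunk, so `$this->uri` may be used in the part not shown.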


@@ -4,25 +4,25 @@ namespace Typemill\Static;
class Session
{
public static function startSessionForSegments($sessionSegments, $routepath)
public static function startSessionForSegments($sessionSegments, $routepath, $scheme)
{
if(isset($_SESSION))
{
return false;
}
$routepath = ltrim($routepath, '/');
foreach($sessionSegments as $segment)
{
#echo '<br>' . $segment;
#echo '<br>' . $routepath;
if(substr( $routepath, 0, strlen($segment) ) === ltrim($segment, '/'))
{
#echo '<br>Create Session';
# configure session
ini_set('session.cookie_httponly', 1 );
ini_set('session.use_strict_mode', 1);
ini_set('session.cookie_samesite', 'lax');
/*
if($uri->getScheme() == 'https')
if($scheme == 'https')
{
ini_set('session.cookie_secure', 1);
session_name('__Secure-typemill-session');
@@ -31,14 +31,15 @@ class Session
{
session_name('typemill-session');
}
*/
# start session
session_start();
# break;
return true;
}
}
return false;
}
public static function stopSession()
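Review bot: The `if($scheme == 'https')` branch that would set `session.cookie_secure` and the `__Secure-typemill-session` name is still inside the `/* … */` block comment (the `/*` and `*/` lines around it are unchanged context), so despite the commit title `session_start()` still issues the cookie without the Secure flag and under PHP's default name; delete those two delimiter lines so the branch is live. While doing so, use a strict comparison, `if($scheme === 'https')`, in keeping with the `===` already used in the segment check. Because the branch also selects the session name, a site reachable over both schemes gets two independent sessions, which is the effect the `__Secure-` prefix is meant to have but is worth stating: `# session name switches with the scheme, so an http session never carries over into https`. The second hunk of this file ends at the opening of `stopSession()`, whose body is not shown.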


@@ -336,7 +336,7 @@ $errorMiddleware->setErrorHandler(HttpNotFoundException::class, function ($reque
$app->add($errorMiddleware);
$app->add(new SessionMiddleware($session_segments, $urlinfo['route']));
$app->add(new SessionMiddleware($session_segments, $urlinfo['route'], $uri));
if(isset($settings['proxy']) && $settings['proxy'])
{
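Review bot: `$uri` is now passed to `SessionMiddleware`, but the middleware's visible code takes the scheme from the request object rather than from this argument, so at this call site the new parameter carries no information; if it is meant to be the source of truth, pass what the middleware will actually read. The `if(isset($settings['proxy']) && $settings['proxy'])` block that follows starts after the hunk ends; if this is Slim 4, where the middleware added last runs first, a proxy middleware registered there would run before `SessionMiddleware` and the HTTPS check would see the forwarded scheme, otherwise a TLS-terminating proxy leaves it as `http`. A one-line comment here would record that dependency: `# the secure-cookie check in SessionMiddleware needs the client-facing scheme; see proxy handling below`.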