Add secure session
@@ -14,18 +14,24 @@ class SessionMiddleware implements MiddlewareInterface
|
||||
protected $segments;
|
||||
|
||||
protected $route;
|
||||
|
||||
protected $uri;
|
||||
|
||||
public function __construct($segments, $route)
|
||||
public function __construct($segments, $route, $uri)
|
||||
{
|
||||
$this->segments = $segments;
|
||||
|
||||
$this->route = $route;
|
||||
|
||||
$this->uri = $uri;
|
||||
}
|
||||
|
||||
public function process(Request $request, RequestHandler $handler) :response
|
||||
{
|
||||
$scheme = $request->getUri()->getScheme();
|
||||
|
||||
# start session
|
||||
Session::startSessionForSegments($this->segments, $this->route);
|
||||
Session::startSessionForSegments($this->segments, $this->route, $scheme);
|
||||
|
||||
$authenticated = (
|
||||
(isset($_SESSION['username'])) &&
|
||||
@@ -51,7 +57,6 @@ class SessionMiddleware implements MiddlewareInterface
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$response = $handler->handle($request);
|
||||
|
||||
return $response;
|
||||
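Review bot: The scheme handed to `Session::startSessionForSegments()` in `process()` is read from `$request->getUri()->getScheme()`, which describes the connection that reached PHP; behind a TLS-terminating reverse proxy that is presumably `http`, so the session would be started without the secure-cookie settings although the browser is on HTTPS. Whether the request URI has already been corrected from forwarded headers by the time this middleware runs is not visible here, so it is worth confirming and recording above the `$scheme` line, e.g. `# $scheme must be the client-facing scheme, also behind a reverse proxy`. The new `$uri` constructor argument is stored in `$this->uri` but not read in the visible lines; either make it the single source of the scheme or drop it. `process()` continues between the two hunks, outside the visible lines.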
|
@@ -4,25 +4,25 @@ namespace Typemill\Static;
|
||||
|
||||
class Session
|
||||
{
|
||||
public static function startSessionForSegments($sessionSegments, $routepath)
|
||||
public static function startSessionForSegments($sessionSegments, $routepath, $scheme)
|
||||
{
|
||||
if(isset($_SESSION))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$routepath = ltrim($routepath, '/');
|
||||
|
||||
foreach($sessionSegments as $segment)
|
||||
{
|
||||
#echo '<br>' . $segment;
|
||||
#echo '<br>' . $routepath;
|
||||
if(substr( $routepath, 0, strlen($segment) ) === ltrim($segment, '/'))
|
||||
{
|
||||
#echo '<br>Create Session';
|
||||
|
||||
# configure session
|
||||
ini_set('session.cookie_httponly', 1 );
|
||||
ini_set('session.use_strict_mode', 1);
|
||||
ini_set('session.cookie_samesite', 'lax');
|
||||
|
||||
/*
|
||||
if($uri->getScheme() == 'https')
|
||||
if($scheme == 'https')
|
||||
{
|
||||
ini_set('session.cookie_secure', 1);
|
||||
session_name('__Secure-typemill-session');
|
||||
@@ -31,14 +31,15 @@ class Session
|
||||
{
|
||||
session_name('typemill-session');
|
||||
}
|
||||
*/
|
||||
|
||||
# start session
|
||||
session_start();
|
||||
|
||||
# break;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function stopSession()
|
||||
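Review bot: The `if($scheme == 'https')` branch appears to still sit between `/*` and `*/`; the +/- markers are lost in this rendering, so it is unclear whether those delimiters remain on the new side, but if they do, `session.cookie_secure` and the `__Secure-typemill-session` name are never applied and the new `$scheme` parameter is unused. If the block is live, the comparison should be strict, `if($scheme === 'https')`. In the same loop `strlen($segment)` is taken before the `ltrim`, so a segment configured with a leading slash can never match the route; normalising first with `$segment = ltrim($segment, '/');` and using that value on both sides fixes it. The third parameter is required, so any caller of `startSessionForSegments()` outside this diff needs the new argument.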
|
@@ -336,7 +336,7 @@ $errorMiddleware->setErrorHandler(HttpNotFoundException::class, function ($reque
|
||||
|
||||
$app->add($errorMiddleware);
|
||||
|
||||
$app->add(new SessionMiddleware($session_segments, $urlinfo['route']));
|
||||
$app->add(new SessionMiddleware($session_segments, $urlinfo['route'], $uri));
|
||||
|
||||
if(isset($settings['proxy']) && $settings['proxy'])
|
||||
{
|
||||
|