bring session settings in line with phpList core

michield · michield · commit 3b6e249cf79b · 2020-07-05T13:07:23.000+01:00
diff --git a/index.php b/index.php
@@ -26,7 +26,11 @@ class updater
 
     public function isAuthenticated()
     {
-        session_start();
+
+        ini_set('session.name','phpListSession');
+        ini_set('session.cookie_samesite','Strict');
+        ini_set('session.use_only_cookies',1);
+        ini_set('session.cookie_httponly',1);        session_start();
         if (isset($_SESSION[self::ELIGIBLE_SESSION_KEY]) && $_SESSION[self::ELIGIBLE_SESSION_KEY] === true) {
             return true;
         }

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,11 @@ class updater`
`26`	`26`
`27`	`27`	`public function isAuthenticated()`
`28`	`28`	`{`
`29`		`- session_start();`
	`29`	`+`
	`30`	`+ ini_set('session.name','phpListSession');`
	`31`	`+ ini_set('session.cookie_samesite','Strict');`
	`32`	`+ ini_set('session.use_only_cookies',1);`
	`33`	`+ ini_set('session.cookie_httponly',1); session_start();`
`30`	`34`	`if (isset($_SESSION[self::ELIGIBLE_SESSION_KEY]) && $_SESSION[self::ELIGIBLE_SESSION_KEY] === true) {`
`31`	`35`	`return true;`
`32`	`36`	`}`