MAPG-230 renew session cookie if it already exists #44

Merged
bence merged 1 commits from bugfix/MAPG-230-session-s-cookie-is-not-renewed into develop 2021-05-09 17:21:46 +02:00
Showing only changes of commit 8e9e5b08f9 - Show all commits

14
web.php
View File

@ -74,13 +74,23 @@ if (isset($_COOKIE['COOKIES_CONSENT'])) {
session_set_save_handler(Container::$sessionHandler, true); session_set_save_handler(Container::$sessionHandler, true);
session_start([ session_start([
'gc_maxlifetime' => 604800,
'gc_probability' => 0, // old sessions are deleted by MaintainDatabaseCommand 'gc_probability' => 0, // old sessions are deleted by MaintainDatabaseCommand
'cookie_lifetime' => 604800, // TODO: cookie is not renewed so session can be lost 'cookie_lifetime' => 604800,
'cookie_path' => '/',
'cookie_httponly' => true, 'cookie_httponly' => true,
'cookie_samesite' => 'Lax' 'cookie_samesite' => 'Lax'
]); ]);
if (isset($_COOKIE[session_name()])) {
// extend session cookie lifetime is cookie already exists
setcookie(session_name(), session_id(), [
'expires' => time() + 604800,
'path' => '/',
'httponly' => true,
'samesite' => 'Lax'
]);
}
// this is needed to handle old type of session IDs // this is needed to handle old type of session IDs
if (!Container::$sessionHandler->validateId(session_id())) { if (!Container::$sessionHandler->validateId(session_id())) {
session_regenerate_id(true); session_regenerate_id(true);