
Added additional test for session security values in php ini

jfanjoy-inetu committed Dec 2, 2015
1 parent 5cbad62 commit 0baaf976a9419c59f2f81001d3c6d57b1d3b03b1
Showing with 3 additions and 2 deletions.
  1. +3 −2 src/Network/Session.php
@@ -93,14 +93,15 @@ class Session
*/
public static function create($sessionConfig = [])
{
$sessionIni = ini_get_all("session");
if (isset($sessionConfig['defaults'])) {
$defaults = static::_defaultConfig($sessionConfig['defaults']);
if ($defaults) {
$sessionConfig = Hash::merge($defaults, $sessionConfig);
}
}
if (!isset($sessionConfig['ini']['session.cookie_secure']) && env('HTTPS')) {
if (!isset($sessionConfig['ini']['session.cookie_secure']) && env('HTTPS') && $sessionIni["session.cookie_secure"]['local'] != 1) {
$sessionConfig['ini']['session.cookie_secure'] = 1;
}
@@ -112,7 +113,7 @@ public static function create($sessionConfig = [])
$sessionConfig['ini']['session.save_handler'] = 'user';
}
if (!isset($sessionConfig['ini']['session.cookie_httponly'])) {
if (!isset($sessionConfig['ini']['session.cookie_httponly']) && $sessionIni["session.cookie_httponly"]['local'] != 1) {
$sessionConfig['ini']['session.cookie_httponly'] = 1;
}
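Review bot: The array key in both added conditions looks wrong: with details enabled (the default), `ini_get_all()` returns each directive as `global_value`, `local_value` and `access`, so `$sessionIni["session.cookie_secure"]['local']` and `$sessionIni["session.cookie_httponly"]['local']` read an undefined index. The lookup yields null, `!= 1` is then always true, and both branches still force the flag to 1 exactly as before, with an undefined-index notice whenever the lookup is reached; that fails safe for the cookie flags, but the intended skip never happens. Reading the single value is simpler and also avoids indexing a `false` return from `ini_get_all()`: `&& ini_get('session.cookie_httponly') !== '1'` (and the same for `session.cookie_secure`), which keeps any unrecognised value on the side of setting the flag. The diffstat lists only src/Network/Session.php, so the new branch appears to have no test covering it; `create()` starts and ends outside the hunks shown.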
