feat(php): add session.sid_length option

juju4 · Jan 21, 2023 · 23bc9a1 · 23bc9a1
1 parent ccaf36e
commit 23bc9a1
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 2 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -75,6 +75,10 @@
     {
       "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
     },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
     {
       "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
       "min_level": 2
@@ -114,10 +118,10 @@
         "filename": "defaults/main.yml",
         "hashed_secret": "58fd89c014e8828fd28cf2a4a426c3d0dc7575ee",
         "is_verified": true,
-        "line_number": 136,
+        "line_number": 137,
         "is_secret": false
       }
     ]
   },
-  "generated_at": "2023-01-07T13:02:34Z"
+  "generated_at": "2023-01-21T14:50:34Z"
 }
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -129,6 +129,7 @@ harden_php_disable_functions: 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,p
 harden_php_memory_limit: 128M
 harden_php_include_path: '/usr/share/php'
 harden_php_session_use_strict_mode: 1
+harden_php_session_sid_length: 40
 harden_php_session_cookie_secure: true
 harden_php_session_cookie_httponly: true
 harden_php7_snuffleupagus: true

diff --git a/tasks/php.yml b/tasks/php.yml
@@ -67,6 +67,14 @@
     mode: '0644'
   with_items: "{{ _harden_apache_php_variants }}"
 
+- name: PHP | session.sid_length
+  ansible.builtin.lineinfile:
+    dest: "{{ harden_apache_phpini | default(harden_apache_phpdir + '/' + item + '/php.ini') }}"
+    regexp: '^session.sid_length = .*'
+    line: "session.sid_length = {{ harden_php_session_sid_length }}"
+    mode: '0644'
+  with_items: "{{ _harden_apache_php_variants }}"
+
 - name: PHP | session.cookie_secure
   ansible.builtin.lineinfile:
     dest: "{{ harden_apache_phpini | default(harden_apache_phpdir + '/' + item + '/php.ini') }}"