Added more protection against session theft

2016-01-29 15:39:40 +01:00 · 2016-01-29 15:39:40 +01:00 · 243e9b045f
parent 8db64004ca
commit 243e9b045f
3 changed files with 14 additions and 1 deletions
--- a/api/index.php
+++ b/api/index.php
@ -35,6 +35,11 @@ if (password_verify($input->password, $password)) {
    
    $_SESSION['id'] = $id;
    $_SESSION['type'] = $type;
+    
+    $randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
+    $_SESSION['secret'] = $randomSecret;
+    
+    setcookie("authSecret", $randomSecret, 0, "/", "", false, true);
 } else {
    $retval['status'] = "fail";
 }
--- a/lib/session.php
+++ b/lib/session.php
@ -18,7 +18,14 @@

 session_start();

-if(!isset($_SESSION['id'])) {
+
+if(
+    !isset($_SESSION['id']) ||
+    !isset($_SESSION['secret']) ||
+    !isset($_COOKIE['authSecret']) ||
+    $_SESSION['secret'] !== $_COOKIE['authSecret']
+) {
    header('Location: index.php');
+    session_destroy();
    exit();
 }
--- a/logout.php
+++ b/logout.php
@ -17,6 +17,7 @@ limitations under the License.
 <?php
    require_once 'lib/session.php';
    session_destroy();
+    setcookie("authSecret", "", 1, "/", "", false, true);
 ?>
 <html>
    <head>