From 243e9b045f2330da0fc6aaa0c4df40196ea99bed Mon Sep 17 00:00:00 2001
From: Lukas Metzger
Date: Fri, 29 Jan 2016 15:39:40 +0100
Subject: [PATCH] Added more protection against session theft

---
 api/index.php | 5 +++++
 lib/session.php | 9 ++++++++-
 logout.php | 1 +
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/api/index.php b/api/index.php
index 6919acd..61269b6 100644
--- a/api/index.php
+++ b/api/index.php
@@ -35,6 +35,11 @@ if (password_verify($input->password, $password)) {
 $_SESSION['id'] = $id;
 $_SESSION['type'] = $type;
+
+ $randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
+ $_SESSION['secret'] = $randomSecret;
+
+ setcookie("authSecret", $randomSecret, 0, "/", "", false, true);
 } else {
 $retval['status'] = "fail";
 }
diff --git a/lib/session.php b/lib/session.php
index 42435bc..b18dc19 100644
--- a/lib/session.php
+++ b/lib/session.php
@@ -18,7 +18,14 @@ session_start();
-if(!isset($_SESSION['id'])) {
+
+if(
+ !isset($_SESSION['id']) ||
+ !isset($_SESSION['secret']) ||
+ !isset($_COOKIE['authSecret']) ||
+ $_SESSION['secret'] !== $_COOKIE['authSecret']
+) {
 header('Location: index.php');
+ session_destroy();
 exit();
 }
\ No newline at end of file
diff --git a/logout.php b/logout.php
index e34bea3..53dcb32 100644
--- a/logout.php
+++ b/logout.php
@@ -17,6 +17,7 @@ limitations under the License.
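Review bot: The `setcookie` call in api/index.php passes `false` for the `secure` argument, so the new `authSecret` cookie is also sent on plain-HTTP requests, which undercuts the protection against network-level theft this commit is after; pass `true` there (or derive it from the request scheme) so the second value only travels over TLS. The secret comes from `openssl_random_pseudo_bytes(32)` without checking its `$crypto_strong` by-reference flag, and on failure that function returns `false`, which `base64_encode` turns into an empty string; `random_bytes(32)` throws on failure and is the simpler choice. Since the cookie is sent alongside the session cookie on every request, a captured cookie jar contains both, so the check mainly narrows the window rather than closing it; calling `session_regenerate_id(true)` at this point would additionally defend against session fixation, which the commit does not address. The enclosing `if (password_verify(...))` block begins before the hunk and is shown only in its header.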
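Review bot: In lib/session.php the comparison `$_SESSION['secret'] !== $_COOKIE['authSecret']` is a plain string compare and accepts whatever type the cookie superglobal holds (a `authSecret[]=` cookie arrives as an array); replacing the last two conditions with `!is_string($_COOKIE['authSecret'] ?? null) || !hash_equals($_SESSION['secret'], $_COOKIE['authSecret'])` rejects non-string values and compares in constant time. `session_destroy()` removes the server-side data but leaves both the session cookie and the `authSecret` cookie on the client, so they keep being sent until they expire; expiring both with `setcookie` (same path) before `exit()` would make the failure branch clean up fully. The redirect and `exit()` still run after the check, so the failed-check path remains fail-closed as intended.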