Added more protection against session theft

2016-01-29 15:39:40 +01:00 · 2016-01-29 15:39:40 +01:00 · 243e9b045f
commit 243e9b045f
parent 8db64004ca
3 changed files with 14 additions and 1 deletions
--- a/api/index.php
+++ b/api/index.php
@ -35,6 +35,11 @@ if (password_verify($input->password, $password)) {
    
    $_SESSION['id'] = $id;
    $_SESSION['type'] = $type;
+    
+    $randomSecret = base64_encode(openssl_random_pseudo_bytes(32));
+    $_SESSION['secret'] = $randomSecret;
+    
+    setcookie("authSecret", $randomSecret, 0, "/", "", false, true);
 } else {
    $retval['status'] = "fail";
 }