
log if the session handler fails and surface the ssl_cookie config setting

redmatrix 4 years ago
parent
commit
c0bdcfedeb
3 changed files with 5 additions and 1 deletions
  1. 3 1
      Zotlabs/Web/Session.php
  2. 1 0
      install/htconfig.sample.php
  3. 1 0
      view/en/htconfig.tpl

+ 3 - 1
Zotlabs/Web/Session.php

@@ -27,7 +27,9 @@ class Session {
 
 		$handler = new \Zotlabs\Web\SessionHandler();
 
-		session_set_save_handler($handler,true);
+		$x = session_set_save_handler($handler,true);
+		if(! $x)
+			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);
 
 		// Force cookies to be secure (https only) if this site is SSL enabled. 
 		// Must be done before session_start().
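Review bot: When `session_set_save_handler()` returns false, the added branch only logs, and execution continues to the cookie setup below and presumably to `session_start()` later in the method, which is outside this hunk. If so, sessions would be handled by PHP's configured default save handler rather than `\Zotlabs\Web\SessionHandler`, with a single log line as the only trace. If that fallback is intended, state it in a comment above the check, e.g. `// Registration failed: continue on PHP's default save handler so the site stays reachable.`; if not, the branch should stop session setup instead of falling through. On style, `$x` would read better as `$registered`, and the one-line `if` should get braces.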

+ 1 - 0
install/htconfig.sample.php

@@ -53,6 +53,7 @@ App::$config['system']['location_hash'] = 'if the auto install failed, put a uni
 
 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
 
 
 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
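Review bot: The new `ssl_cookie_protection` line has no comment saying what it controls or when an admin would turn it off; the same applies to the identical line added in view/en/htconfig.tpl. It presumably gates the secure-cookie (https only) behaviour mentioned in Zotlabs/Web/Session.php, but the code that reads it is not in this commit's hunks, so confirm before documenting. A comment above the line such as `// Send the session cookie over https only on SSL-enabled sites. Set to 0 to disable.` would do.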

+ 1 - 0
view/en/htconfig.tpl

@@ -43,6 +43,7 @@ App::$config['system']['location_hash'] = '{{$site_id}}';
 
 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;
 
 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
 // Be certain to create your own personal account before setting