/**
* Open a session
*
* @access public
* @param string $base_path Cookie path
*/
public function open($base_path = '/')
{
// HttpOnly and secure flags for session cookie
session_set_cookie_params(self::SESSION_LIFETIME, $base_path ?: '/', null, Request::isHTTPS(), true);
// Avoid session id in the URL
ini_set('session.use_only_cookies', '1');
// Enable strict mode
ini_set('session.use_strict_mode', '1');
// Ensure session ID integrity
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', '32');
ini_set('session.hash_bits_per_character', 6);
// If session was autostarted with session.auto_start = 1 in php.ini destroy it
if (isset($_SESSION)) {
session_destroy();
}
// Custom session name
session_name('__S');
// Start the session
session_start();
// Regenerate the session id to avoid session fixation issue
if (empty($_SESSION['__validated'])) {
session_regenerate_id(true);
$_SESSION['__validated'] = 1;
}
}
/**
* Send the security header: Strict-Transport-Security (only if we use HTTPS)
*
* @access public
*/
public function hsts()
{
if (Request::isHTTPS()) {
header('Strict-Transport-Security: max-age=31536000');
}
}
/**
* Render a ReCaptcha input.
*
* @return string
* Rendered HTML.
*/
public static function render() {
require_once HOME_PATH . '/Lightning/Vendor/recaptcha/recaptcha-plugins/php/recaptchalib.php';
return recaptcha_get_html(Configuration::get('recaptcha.public'), null, Request::isHTTPS());
}
