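/**
 * Open a session.
 *
 * Starts (or resumes) the PHP session with hardened cookie and ini settings:
 * the session cookie is HttpOnly, carries the Secure flag when the request
 * arrived over HTTPS, is scoped to $base_path, and is SameSite=Lax on PHP
 * builds that know the setting; session ids are only accepted from cookies
 * and only if the server issued them (strict mode); the id is regenerated
 * the first time a session is seen so a fixated id never becomes the
 * authenticated one.
 *
 * @access public
 * @param  string $base_path Cookie path (falls back to '/' when empty)
 */
public function open($base_path = '/')
{
    // HttpOnly always; Secure only when we really are on HTTPS (a Secure
    // cookie would never be sent back over plain HTTP). The legacy
    // 5-argument signature is kept so pre-7.3 PHP keeps working.
    session_set_cookie_params(self::SESSION_LIFETIME, $base_path ?: '/', null, Request::isHTTPS(), true);

    // SameSite=Lax keeps the session cookie off cross-site POSTs (CSRF
    // defence in depth). The ini key exists since PHP 7.3; on older builds
    // ini_set() just returns false and nothing changes. Cross-site flows
    // that POST back into an existing session (e.g. form_post callbacks)
    // will arrive without the cookie — verify none are relied upon.
    ini_set('session.cookie_samesite', 'Lax');

    // Never accept a session id from the URL
    ini_set('session.use_only_cookies', '1');

    // Reject ids the server did not generate (blocks fixation with a
    // client-chosen id at the handler level)
    ini_set('session.use_strict_mode', '1');

    // Session id entropy. The entropy_* / hash_bits_per_character keys only
    // exist up to PHP 7.0; 7.1+ replaced them with sid_length and
    // sid_bits_per_character. Setting both sets keeps every version covered;
    // the keys a given build does not know are ignored (ini_set returns false).
    ini_set('session.entropy_file', '/dev/urandom');
    ini_set('session.entropy_length', '32');
    ini_set('session.hash_bits_per_character', 6);
    ini_set('session.sid_length', '48');
    ini_set('session.sid_bits_per_character', '6');

    // If session.auto_start = 1 already started a session (under the default
    // name, before our settings applied), tear it down so the session started
    // below uses our cookie parameters. session_status() is used rather than
    // isset($_SESSION) so session_destroy() is never called without an
    // active session (which would emit a warning).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_destroy();
    }

    // Custom session name
    session_name('__S');

    // Start the session
    session_start();

    // First time we see this session: swap the id for a fresh one and delete
    // the old record, so an id the client brought in is never the id that
    // gets associated with an authenticated user (session fixation).
    if (empty($_SESSION['__validated'])) {
        session_regenerate_id(true);
        $_SESSION['__validated'] = 1;
    }
}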
/**
 * Send the Strict-Transport-Security header.
 *
 * Only emitted when the current request is HTTPS: over plain HTTP the header
 * has no meaning and browsers ignore it. max-age is one year (31536000 s).
 * No includeSubDomains / preload directives are sent — turning those on is a
 * deployment decision (every subdomain must be HTTPS-capable first).
 *
 * @access public
 */
public function hsts()
{
    // Nothing to announce on a non-TLS request
    if (! Request::isHTTPS()) {
        return;
    }

    header('Strict-Transport-Security: max-age=31536000');
}
/**
 * Render a ReCaptcha input.
 *
 * Loads the bundled reCAPTCHA PHP library (once) and returns the widget
 * markup for the site's public key. The widget is requested over HTTPS
 * whenever the current request itself is HTTPS, so an HTTPS page does not
 * pull the widget as mixed content.
 *
 * NOTE(review): recaptcha_get_html($pubkey, $error, $use_ssl) is the
 * signature of the legacy reCAPTCHA (v1) library; Google retired that API
 * in 2018 — confirm the widget still renders and verifies in production.
 *
 * @return string
 *   Rendered HTML.
 */
public static function render()
{
    $library = HOME_PATH . '/Lightning/Vendor/recaptcha/recaptcha-plugins/php/recaptchalib.php';
    require_once $library;

    $public_key = Configuration::get('recaptcha.public');
    $use_ssl = Request::isHTTPS();

    // null is the library's optional error argument (per recaptchalib.php,
    // not shown here) — no error text is displayed next to the widget.
    return recaptcha_get_html($public_key, null, $use_ssl);
}