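 /**
  * Starts the PHP session (unless the GO_NO_SESSION constant is defined) and
  * binds $this->values by reference to $_SESSION['GO_SESSION'].
  *
  * A session id may be supplied in the request as GOSID for clients that
  * cannot send cookies. Because a request-supplied id is a session fixation
  * vector, such a request must also carry the security_token stored in the
  * session it names. Both values must be strings and are compared with
  * hash_equals(); a session that has no token yet never matches.
  *
  * A security_token is generated on first use so that later requests can
  * prove ownership of the session.
  *
  * @throws \Exception\SecurityTokenMismatch when GOSID is present but the
  *         request's security_token does not match the one in the session
  */
 public function start()
 {
     //In some cases it doesn't make sense to use the session because the client is
     //not capable. (WebDAV for example).
     if (!defined("GO_NO_SESSION")) {
         if (!isset($_SESSION)) {
             //without cookie_httponly the cookie can be accessed by malicious scripts
             //injected to the site and its value can be stolen. Any information stored in
             //session tokens may be stolen and used later for identity theft or
             //user impersonation.
             ini_set("session.cookie_httponly", 1);
             //Avoid session id in url's to prevent session hijacking.
             ini_set('session.use_only_cookies', 1);
             if (Util\Http::isHttps()) {
                 ini_set('session.cookie_secure', 1);
             }

             //Only a scalar string can be a session id; an array value (e.g. GOSID[]=x)
             //would otherwise be handed to session_id() and error out.
             if (isset($_REQUEST['GOSID']) && is_string($_REQUEST['GOSID'])) {
                 session_id($_REQUEST['GOSID']);
             }
             session_name('groupoffice');
             session_start();

             if (isset($_REQUEST['GOSID'])) {
                 //Any request that names its own session id must prove it owns that
                 //session. The previous loose "!=" comparison treated a missing stored
                 //token (null) as equal to an empty security_token, so an attacker
                 //could fix a not-yet-existing session id with security_token=.
                 //Require string values on both sides and compare in constant time.
                 $given = isset($_REQUEST['security_token']) ? $_REQUEST['security_token'] : null;
                 $stored = isset($_SESSION['GO_SESSION']['security_token'])
                     ? $_SESSION['GO_SESSION']['security_token']
                     : null;
                 if (!is_string($given) || !is_string($stored) || !hash_equals($stored, $given)) {
                     throw new \Exception\SecurityTokenMismatch();
                 }
             }
         }
         //\GO::debug causes endless loop
         //\GO::debug("Started session");
     }

     //Bind by reference so writes to $this->values land in the session.
     $this->values =& $_SESSION['GO_SESSION'];
     if (!isset($this->values['security_token'])) {
         //this log here causes endless loop and segfaults
         //$this->_log("security_token");
         $this->values['security_token'] = Util\String::randomPassword(20, 'a-z,A-Z,1-9');
     }
 }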