Example #1
 /**
  * Log the current user out by calling Session::wipe('user').
  *
  * NOTE(review): this is the only statement in the method. The session id is not
  * regenerated here, and no persistent "keep logged in" credential is revoked, so
  * such a credential (if the application issues one) would still be valid after
  * logout. Confirm whether that is handled elsewhere.
  */
 public function logout()
 {
     // Presumably removes the 'user' entry from the session; verify against Session::wipe().
     Session::wipe('user');
     // TODO: check for a "keep logged in" token and destroy it if found
     // (nothing in this method does so yet).
 }
Example #2
} else {
    // Choose the address that becomes the IP constant, in this order:
    //   1. X-Forwarded-For, when present, a valid IP and not a local one
    //   2. REMOTE_ADDR, when a valid IP and not a local one
    //   3. the placeholder 0.0.0.0
    // NOTE(review): X-Forwarded-For is a request header, so the sender controls its value.
    // Nothing visible here limits step 1 to requests that arrive from a known reverse proxy,
    // which means IP may hold a client-chosen address. Do not rely on it for access control,
    // rate limiting or audit trails unless a trusted proxy overwrites the header.
    // NOTE(review): the header may legitimately carry a comma-separated chain of addresses;
    // presumably Validation::isIP() rejects that form and the code falls through to REMOTE_ADDR.
    if (
        isset($_SERVER['HTTP_X_FORWARDED_FOR'])
        && Validation::isIP($_SERVER['HTTP_X_FORWARDED_FOR'])
        && !Validation::isLocalIP($_SERVER['HTTP_X_FORWARDED_FOR'])
    ) {
        define('IP', $_SERVER['HTTP_X_FORWARDED_FOR']);
    } elseif (
        Validation::isIP($_SERVER['REMOTE_ADDR'])
        && !Validation::isLocalIP($_SERVER['REMOTE_ADDR'])
    ) {
        define('IP', $_SERVER['REMOTE_ADDR']);
    } else {
        // Neither candidate is usable: fall back to a fixed placeholder.
        define('IP', '0.0.0.0');
    }
}
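// Security: the session is tied to the User-Agent it was first seen with. When a later
// request presents a different value, the session id is regenerated and the session wiped.
// NOTE(review): the User-Agent header is client-controlled and trivially replayed, so this
// only hinders casual reuse of a leaked session id; it does not replace HTTPS and
// HttpOnly/Secure session cookies. Also confirm that Session::regenerate_id() invalidates
// the previous id.
// A request without a User-Agent header is treated as the empty string, so the lookups
// below never read an undefined index.
$current_user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
if (!Session::exists('HTTP_USER_AGENT')) {
    // First request of this session: remember the value to compare against later.
    Session::write('HTTP_USER_AGENT', $current_user_agent);
} elseif ((string) Session::read('HTTP_USER_AGENT') !== $current_user_agent) {
    // Strict comparison on strings avoids PHP's numeric-string juggling; the cast keeps a
    // previously stored null equal to the empty string.
    Session::regenerate_id();
    Session::wipe();
    Session::write('HTTP_USER_AGENT', $current_user_agent);
}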
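// Security: when the session id is present in the URL of a request without POST data, it is
// moved into a cookie and the page is reloaded at the same address without that parameter.
// NOTE(review): the id being copied into the cookie is whatever the URL carried, so a
// link-supplied id gets adopted as-is (session fixation). Consider issuing a fresh id at this
// point, or disabling URL-based session ids (session.use_only_cookies).
// NOTE(review): HTTP_HOST comes from the request; validate it against the configured site
// host(s) before using it in a Location header.
// NOTE(review): the cookie is set without the Secure/HttpOnly flags; confirm this matches the
// application's session cookie settings.
$session_name = Session::name();
if ($session_name !== '' && strpos($_SERVER['REQUEST_URI'], $session_name) !== false && count($_POST) === 0) {
    // preg_quote() keeps a session name containing regex metacharacters from altering the pattern.
    $page_address = preg_replace('#(?<=&|\\?)' . preg_quote($session_name, '#') . '=[^&]+(?:&|$)#', '', $_SERVER['REQUEST_URI']);
    // Redirect only when a session parameter was actually removed. If the name merely occurs
    // elsewhere in the URL, redirecting to the unchanged address would loop forever.
    if (is_string($page_address) && $page_address !== $_SERVER['REQUEST_URI']) {
        Session::close();
        // Expiry 0 = session cookie (same effect as the former null, without the type deprecation).
        setcookie($session_name, Session::id(), 0, '/', '.' . $domaine);
        $page_address = rtrim($page_address, '?&');
        // Keep the scheme of the current request so an HTTPS page is not downgraded to HTTP.
        $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
        header('Location: ' . $scheme . '://' . $_SERVER['HTTP_HOST'] . $page_address);
        exit;
    }
}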
// Security : The $_POST variables are wiped if the referer domain is different from the current domain