示例#1
        unset($session_params);
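        try {
            // Start (or resume) the session through the default Zend session manager.
            Zend\Session\Container::getDefaultManager()->start();
            /* This portion may seem strange, but it is an extra validation against session
             * collisions. An extra cookie is set with an additional random value. When loading
             * the session, it makes sure the extra cookie matches the one in the session. Otherwise
             * it destroys the session and reloads the page for the user.
             *
             * Effectively, in the occurrence of a collision, both users are kicked out.
             * This is an extremely rare occurrence that is hard to reproduce by nature.
             */
            if (isset($_SESSION['extra_validation'])) {
                // A missing cookie is treated as null, which can never strictly equal the
                // stored value, so an absent cookie fails validation as well.
                $cookie = isset($_COOKIE[$extra_cookie_name]) ? $_COOKIE[$extra_cookie_name] : null;
                if ($cookie !== $_SESSION['extra_validation']) {
                    TikiLib::lib('logs')->add_log('system', 'session cookie validation failed');
                    Zend\Session\Container::getDefaultManager()->destroy();
                    // REQUEST_URI comes from the client. Collapse any run of leading slashes or
                    // backslashes to a single "/" so the Location value is always a path on
                    // this host and cannot be read by a browser as a scheme-relative URL.
                    $reload_target = '/' . ltrim($_SERVER['REQUEST_URI'], '/\\');
                    header('Location: ' . $reload_target);
                    exit;
                }
            } else {
                // First request of this session: bind a fresh random value to both the
                // session and a companion cookie (one-year lifetime, session cookie path).
                $sequence = $tikilib->generate_unique_sequence(16);
                $_SESSION['extra_validation'] = $sequence;
                // Follow the session cookie's Secure setting so the companion value is not
                // sent over plain HTTP when the session cookie itself is HTTPS-only.
                $cookie_secure = filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN);
                // HttpOnly: the value is only compared server-side in this block.
                // NOTE(review): confirm no client-side script reads this cookie.
                setcookie(
                    $extra_cookie_name,
                    $sequence,
                    time() + 365 * 24 * 3600,
                    ini_get('session.cookie_path'),
                    '',
                    $cookie_secure,
                    true
                );
                unset($sequence);
            }
        } catch (Zend\Session\Exception\ExceptionInterface $e) {
            // Deliberately ignored: a session-layer exception lets the request continue.
            // NOTE(review): nothing is logged here, so a failing start()/destroy() is
            // invisible to operators; consider recording it in the system log.
        }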
    }
}
// Moved here from tiki-setup.php because Smarty uses a copy of the session