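unset($session_params);

try {
    Zend\Session\Container::getDefaultManager()->start();

    /* This portion may seem strange, but it is an extra validation against session
     * collisions. An extra cookie is set with an additional random value. When loading
     * the session, it makes sure the extra cookie matches the one in the session. Otherwise
     * it destroys the session and reloads the page for the user.
     *
     * Effectively, in the occurrence of a collision, both users are kicked out.
     * This is an extremely rare occurrence that is hard to reproduce by nature.
     *
     * The same check also rejects a client that presents a session id without the
     * companion cookie, so the companion value should be protected like the session
     * cookie itself (see the flags passed to setcookie() below).
     */
    if (isset($_SESSION['extra_validation'])) {
        // A missing cookie becomes null and can never match: isset() above guarantees the
        // stored value is not null. The strict comparison also rejects a cookie whose type
        // differs from the stored value (for example one submitted in array form).
        $cookie = isset($_COOKIE[$extra_cookie_name]) ? $_COOKIE[$extra_cookie_name] : null;

        if ($cookie !== $_SESSION['extra_validation']) {
            // Record the mismatch before tearing the session down so it can be audited.
            TikiLib::lib('logs')->add_log('system', 'session cookie validation failed');
            Zend\Session\Container::getDefaultManager()->destroy();

            // NOTE(review): REQUEST_URI is supplied by the client. A value starting with
            // "//" is a scheme-relative URL when used in a Location header; confirm the
            // front controller or web server normalises it before this point.
            header('Location: ' . $_SERVER['REQUEST_URI']);
            exit;
        }
    } else {
        // First request for this session: mint the companion value.
        // NOTE(review): the strength of this check depends on generate_unique_sequence()
        // being unpredictable; confirm it draws from a cryptographically secure source.
        $sequence = $tikilib->generate_unique_sequence(16);
        $_SESSION['extra_validation'] = $sequence;

        // Mirror the session cookie's Secure and HttpOnly flags. The companion cookie is
        // only useful alongside the session cookie, so it should never be exposed to
        // scripts or sent over plain HTTP when the session cookie is not.
        $cookie_params = session_get_cookie_params();
        setcookie(
            $extra_cookie_name,
            $sequence,
            time() + 365 * 24 * 3600,
            ini_get('session.cookie_path'),
            '', // host-only, same as the previous call which omitted the domain
            ! empty($cookie_params['secure']),
            ! empty($cookie_params['httponly'])
        );
        unset($sequence, $cookie_params);
    }
} catch (Zend\Session\Exception\ExceptionInterface $e) {
    // Ignore
    // A session exception skips the rest of the try block, so the request continues
    // without the extra validation and nothing is written to the log.
}
} // closes a block opened above this excerpt
} // closes a block opened above this excerpt
// Moved here from tiki-setup.php because smarty use a copy of session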