Use secure session cookies (fixes #321)

Pierre Rudloff 2020-10-21 23:04:29 +02:00
parent de8c5e5dc7
commit 342b8c4a42
6 changed files with 23 additions and 8 deletions


@ -7,6 +7,7 @@
namespace Alltube\Factory;
use Aura\Session\Session;
use Slim\Container;
/**
* Manage sessions.
@ -17,11 +18,24 @@ class SessionFactory
/**
* Get the current session.
*
* @param Container $container
* @return Session
*/
public static function create()
public static function create(Container $container)
{
$session_factory = new \Aura\Session\SessionFactory();
return $session_factory->newInstance($_COOKIE);
$session = $session_factory->newInstance($_COOKIE);
$session->setCookieParams(['httponly' => true]);
$request = $container->get('request');
if (
in_array('https', $request->getHeader('X-Forwarded-Proto'))
|| $request->getUri()->getScheme() == 'https'
) {
$session->setCookieParams(['secure' => true]);
}
return $session;
}
}
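Review bot: In `create()`, the `Secure` flag is set only when `X-Forwarded-Proto` holds the exact lowercase string `https`, so a proxy that sends `HTTPS` or a comma-separated chain would, as far as the visible lines show, silently leave the session cookie without `Secure`. Because the failure direction is a weaker cookie, I would normalise case and compare strictly: `in_array('https', array_map('strtolower', $request->getHeader('X-Forwarded-Proto')), true)` and `$request->getUri()->getScheme() === 'https'`. That change covers case only; a comma-separated value would additionally need splitting and trimming before the check. The header is client-controlled unless a trusted proxy overwrites it, but a spoofed value here can only make the cookie stricter, which deserves a short comment such as `// A forged X-Forwarded-Proto can only add Secure, never remove it.` No SameSite attribute is set in this hunk; whether the session library in use supports one is not visible here.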