Context Navigation

← Previous Change
Next Change →

Auth_SQL.inc.php

Timestamp:

May 30, 2019 5:28:57 AM (5 years ago)

Author:

anonymous

Message:

Remove App's 'ssl_domain' and 'ssl_enabled' parameters; determine SSL usage by detecting the presence of HTTPS env var (or HTTP_X_FORWARDED_PROTO). Update Session parameters for greater logevity and security. Add 'session_dir' to store site-specific sess_* files with a longer gc_maxlifetime duration.

File:

: 1 edited

trunk/lib/Auth_SQL.inc.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/lib/Auth_SQL.inc.php

-                      r674
+                      r690
      *  - remote address is the same as the login remote address
+     *
+     * TODO: implement persisten sessions as per https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence
+     *
      * @access public
      */
 …
             // Login scripts must have the same 'login' tag for boomerangURL verification/manipulation.
             $app->setBoomerangURL(absoluteMe(), 'login');
+            $app->setBoomerangURL(getenv('REQUEST_URI'), 'login');
             $app->dieURL($this->_params['login_url']);
+        }

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 690 for trunk/lib/Auth_SQL.inc.php

Legend:

trunk/lib/Auth_SQL.inc.php

Download in other formats: