Add HttpOnly, Secure, and Samesite session settings to config.conf (#7548)

* Add HttpOnly, Secure, and Samesite session settings to config.conf

* Update upgrade_menu.php

* Update upgrade.php

* Update install.php
This commit is contained in:
Alex
2025-10-03 15:35:50 -07:00
committed by GitHub
parent 88ac778135
commit 0c76c4bee1
4 changed files with 18 additions and 3 deletions


@@ -126,6 +126,11 @@
$conf .= "php.dir = ".$php_dir."\n";
$conf .= "php.bin = php\n";
$conf .= "\n";
$conf .= "#session settings\n";
$conf .= "session.cookie_httponly = true\n";
$conf .= "session.cookie_secure = true\n";
$conf .= "session.cookie_samesite = Lax\n";
$conf .= "\n";
$conf .= "#cache settings\n";
$conf .= "cache.method = file\n";
$conf .= "cache.location = ".$cache_location."\n";
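Review bot: The generated `#session settings` block carries no hint of what the three new keys accept or imply, and the same block is repeated verbatim in the next two file sections. `session.cookie_secure = true` means the session cookie is only sent over HTTPS, so an installation that is reached over plain HTTP will not keep a login session, and `session.cookie_samesite` only has the values Lax, Strict and None. A comment line such as `$conf .= "#cookie_secure requires https; cookie_samesite accepts Lax, Strict or None\n";` emitted before the keys would document that in the file the administrator actually edits. Emitting the three copies from one shared helper would also keep them from drifting apart over time.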


@@ -112,6 +112,11 @@
$conf .= "php.dir = ".$php_dir."\n";
$conf .= "php.bin = php\n";
$conf .= "\n";
$conf .= "#session settings\n";
$conf .= "session.cookie_httponly = true\n";
$conf .= "session.cookie_secure = true\n";
$conf .= "session.cookie_samesite = Lax\n";
$conf .= "\n";
$conf .= "#cache settings\n";
$conf .= "cache.method = file\n";
$conf .= "cache.location = ".$cache_location."\n";


@@ -534,6 +534,11 @@ function load_config_php() {
$conf .= "php.dir = " . PHP_BINDIR . "\n";
$conf .= "php.bin = php\n";
$conf .= "\n";
$conf .= "#session settings\n";
$conf .= "session.cookie_httponly = true\n";
$conf .= "session.cookie_secure = true\n";
$conf .= "session.cookie_samesite = Lax\n";
$conf .= "\n";
$conf .= "#cache settings\n";
$conf .= "cache.method = file\n";
$conf .= "cache.location = /var/cache/fusionpbx\n";


@@ -91,9 +91,9 @@
//start the session if not using the command line
global $no_session;
if (!defined('STDIN') && empty($no_session)) {
ini_set('session.cookie_httponly', 'true');
ini_set('session.cookie_secure', 'true');
ini_set('session.cookie_samesite', 'Lax');
ini_set('session.cookie_httponly', !isset($conf['session.cookie_httponly']) ? 'true' : (!empty($config->get('session.cookie_httponly')) ? 'true' : 'false'));
ini_set('session.cookie_secure', !isset($conf['session.cookie_secure']) ? 'true' : (!empty($config->get('session.cookie_secure')) ? 'true' : 'false'));
ini_set('session.cookie_samesite', $config->get('session.cookie_samesite', 'Lax'));
session_start();
}
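Review bot: The new `ini_set('session.cookie_httponly', …)` and `ini_set('session.cookie_secure', …)` lines test `isset($conf[...])` but then read the value through `$config->get(...)`, two different sources; if `$conf` is not the parsed config array in this scope (only `$no_session` is declared global in the hunk), the first branch always wins and the new config keys can never switch a flag off, and if `$config->get()` returns the raw string `false`, `!empty('false')` is true so the flag is still forced on. Both cases silently ignore the operator's setting instead of failing, so the boolean intent should be parsed explicitly. The samesite value at the last `ini_set` is passed through unvalidated, while PHP only accepts Lax, Strict or None there and browsers only honor None together with Secure, so an allowlist with a Lax fallback keeps a typo from producing a cookie without a SameSite attribute. The rewrite below reads each key once through `$config->get()` with its default and normalizes the result before `session_start()`.
```php
if (!defined('STDIN') && empty($no_session)) {
	$httponly = filter_var($config->get('session.cookie_httponly', 'true'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;
	ini_set('session.cookie_httponly', $httponly ? 'true' : 'false');
	$secure = filter_var($config->get('session.cookie_secure', 'true'), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE) ?? true;
	ini_set('session.cookie_secure', $secure ? 'true' : 'false');
	$samesite = $config->get('session.cookie_samesite', 'Lax');
	ini_set('session.cookie_samesite', in_array($samesite, ['Lax', 'Strict', 'None'], true) ? $samesite : 'Lax');
	// … unchanged: session_start() …
```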