paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix bug: Session cookie domain 

If the web domain is != mail domain, the session cookie is set to the wrong domain.
master
Dennis Neufeld 2017-05-16 19:46:24 +02:00
parent 53d02ded2a
commit 0d3d9b8c15
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
data/web/inc/sessions.inc.php
View File

@ -13,7 +13,7 @@ elseif (isset($_SERVER['HTTPS'])) {
else { else {
$IS_HTTPS = false; $IS_HTTPS = false;
} }
session_set_cookie_params($GLOBALS['SESSION_LIFETIME'], '/', $_SERVER['SERVER_NAME'], $IS_HTTPS, true); session_set_cookie_params($GLOBALS['SESSION_LIFETIME'], '/', '', $IS_HTTPS, true);
session_start(); session_start();
if (!isset($_SESSION['CSRF']['TOKEN'])) { if (!isset($_SESSION['CSRF']['TOKEN'])) {
$_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32)); $_SESSION['CSRF']['TOKEN'] = bin2hex(random_bytes(32));