Destroy session when invalid, use more compatible js path

master
andryyy 2017-05-14 21:54:18 +02:00
parent e795898b80
commit d06e938d0e
2 changed files with 7 additions and 3 deletions


@ -39,9 +39,9 @@ return array(
"customErrorMessage" => "",
"jsPath" => "../js/csrfprotector.js",
// Fetching IS_HTTPS from sessions handler
"jsUrl" => get_trusted_hostname(),
"jsUrl" => "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
"tokenLength" => 10,
"secureCookie" => false,
"disabledJavascriptMessage" => "",
"verifyGetFor" => array()
);
);
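Review bot: The comment `// Fetching IS_HTTPS from sessions handler` kept above `"jsUrl"` no longer describes the value, which is now a fixed path rather than `get_trusted_hostname()`; replace it with something like `// Root-relative URL of the vendored CSRF Protector script`. The new value also assumes the `/inc/lib/vendor/` tree is reachable over HTTP. It is worth confirming that the web server serves only the static `js/` asset from that tree and does not expose the vendored PHP sources alongside it. The library's configuration notes appear to describe `jsUrl` as an absolute URL, so please also check that the vendored version accepts a root-relative path.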


@ -54,5 +54,9 @@ function session_check() {
return true;
}
if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
exit("Invalid session");
session_regenerate_id(true);
session_unset();
session_destroy();
session_write_close();
header("Location: /");
}
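Review bot: Execution continues after `header("Location: /");` because the new branch never terminates the script, whereas the removed `exit("Invalid session");` did. Whatever the including page does after this block would still run for a request whose session check failed, so end the branch with `header("Location: /"); exit();`. `session_regenerate_id(true)` directly before `session_destroy()` issues a fresh session ID for a session that is then discarded, and `session_write_close()` after `session_destroy()` has nothing left to write, so both calls could be dropped. The code following this `if` lies outside the hunk, so the impact of falling through is inferred rather than visible here.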