Destroy session when invalid, use more compatible js path
parent
e795898b80
commit
d06e938d0e
|
@ -39,9 +39,9 @@ return array(
|
||||||
"customErrorMessage" => "",
|
"customErrorMessage" => "",
|
||||||
"jsPath" => "../js/csrfprotector.js",
|
"jsPath" => "../js/csrfprotector.js",
|
||||||
// Fetching IS_HTTPS from sessions handler
|
// Fetching IS_HTTPS from sessions handler
|
||||||
"jsUrl" => get_trusted_hostname(),
|
"jsUrl" => "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
|
||||||
"tokenLength" => 10,
|
"tokenLength" => 10,
|
||||||
"secureCookie" => false,
|
"secureCookie" => false,
|
||||||
"disabledJavascriptMessage" => "",
|
"disabledJavascriptMessage" => "",
|
||||||
"verifyGetFor" => array()
|
"verifyGetFor" => array()
|
||||||
);
|
);
|
||||||
|
|
|
@ -54,5 +54,9 @@ function session_check() {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
|
if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
|
||||||
exit("Invalid session");
|
session_regenerate_id(true);
|
||||||
|
session_unset();
|
||||||
|
session_destroy();
|
||||||
|
session_write_close();
|
||||||
|
header("Location: /");
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue