Destroy session when invalid, use more compatible js path
parent
e795898b80
commit
d06e938d0e
|
@ -39,7 +39,7 @@ return array(
|
|||
"customErrorMessage" => "",
|
||||
"jsPath" => "../js/csrfprotector.js",
|
||||
// Fetching IS_HTTPS from sessions handler
|
||||
"jsUrl" => get_trusted_hostname(),
|
||||
"jsUrl" => "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
|
||||
"tokenLength" => 10,
|
||||
"secureCookie" => false,
|
||||
"disabledJavascriptMessage" => "",
|
||||
|
|
|
@ -54,5 +54,9 @@ function session_check() {
|
|||
return true;
|
||||
}
|
||||
if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
|
||||
exit("Invalid session");
|
||||
session_regenerate_id(true);
|
||||
session_unset();
|
||||
session_destroy();
|
||||
session_write_close();
|
||||
header("Location: /");
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue