Rev 1130 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1130 | Rev 1282 | ||
|---|---|---|---|
| Line 38... | Line 38... | ||
| 38 | /** |
38 | /** |
| 39 | * @throws OIDplusException |
39 | * @throws OIDplusException |
| 40 | */ |
40 | */ |
| 41 | public function __construct() { |
41 | public function __construct() { |
| 42 | $this->sessionLifetime = OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60); |
42 | $this->sessionLifetime = OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60); |
| 43 | $this->secret = OIDplus::baseConfig()->getValue('SERVER_SECRET'); |
43 | $this->secret = OIDplus::authUtils()->makeSecret('b118abc8-f4ec-11ed-86ca-3c4a92df8582'); |
| 44 | 44 | ||
| 45 | // **PREVENTING SESSION HIJACKING** |
45 | // **PREVENTING SESSION HIJACKING** |
| 46 | // Prevents javascript XSS attacks aimed to steal the session ID |
46 | // Prevents javascript XSS attacks aimed to steal the session ID |
| 47 | @ini_set('session.cookie_httponly', '1'); |
47 | @ini_set('session.cookie_httponly', '1'); |
| 48 | 48 | ||