Session类增加安全选项

This commit is contained in:
thinkphp
2017-01-06 14:14:21 +08:00
parent 883574dea2
commit d81a52f8d2
2 changed files with 8 additions and 1 deletions

View File

@@ -203,6 +203,8 @@ return [
'type' => '', 'type' => '',
// 是否自动开启 SESSION // 是否自动开启 SESSION
'auto_start' => true, 'auto_start' => true,
'httponly' => true,
'secure' => true,
], ],
// +---------------------------------------------------------------------- // +----------------------------------------------------------------------

View File

@@ -77,7 +77,12 @@ class Session
ini_set('session.gc_maxlifetime', $config['expire']); ini_set('session.gc_maxlifetime', $config['expire']);
ini_set('session.cookie_lifetime', $config['expire']); ini_set('session.cookie_lifetime', $config['expire']);
} }
if (isset($config['secure'])) {
ini_set('session.cookie_secure', $config['secure']);
}
if (isset($config['httponly'])) {
ini_set('session.cookie_httponly', $config['httponly']);
}
if (isset($config['use_cookies'])) { if (isset($config['use_cookies'])) {
ini_set('session.use_cookies', $config['use_cookies'] ? 1 : 0); ini_set('session.use_cookies', $config['use_cookies'] ? 1 : 0);
} }