log if the session handler fails and surface the ssl_cookie config setting

2016-04-08 05:10:36 -07:00 · 2016-04-08 05:10:36 -07:00 · c0bdcfedeb
commit c0bdcfedeb
parent 9b66b5eee3
3 changed files with 5 additions and 1 deletions
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@ -27,7 +27,9 @@ class Session {

 		$handler = new \Zotlabs\Web\SessionHandler();

-		session_set_save_handler($handler,true);
+		$x = session_set_save_handler($handler,true);
+		if(! $x)
+			logger('Session save handler initialisation failed.',LOGGER_NORMAL,LOG_ERR);

 		// Force cookies to be secure (https only) if this site is SSL enabled. 
 		// Must be done before session_start().
--- a/install/htconfig.sample.php
+++ b/install/htconfig.sample.php
@ -53,6 +53,7 @@ App::$config['system']['location_hash'] = 'if the auto install failed, put a uni

 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;


 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
--- a/view/en/htconfig.tpl
+++ b/view/en/htconfig.tpl
@ -43,6 +43,7 @@ App::$config['system']['location_hash'] = '{{$site_id}}';

 App::$config['system']['transport_security_header'] = 1;
 App::$config['system']['content_security_policy'] = 1;
+App::$config['system']['ssl_cookie_protection'] = 1;

 // Your choices are REGISTER_OPEN, REGISTER_APPROVE, or REGISTER_CLOSED.
 // Be certain to create your own personal account before setting