From 181128d13f7156332f052688cb89400ec19176db Mon Sep 17 00:00:00 2001
From: Jason Hilder
Date: Fri, 29 May 2026 11:13:08 +0200
Subject: [PATCH] Added session and csrf token to bootstrap.
---
 src/bootstrap.php | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/src/bootstrap.php b/src/bootstrap.php
index 3608da7..4a5f78c 100755
--- a/src/bootstrap.php
+++ b/src/bootstrap.php
@@ -1,4 +1,21 @@ true,
+ 'cookie_secure' => !empty($_SERVER['HTTPS']),
+ 'cookie_samesite' => 'Lax',
+]);
+
+// Add a csrf token to our session
+if (empty($_SESSION['csrf_token'])) {
+ $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
+}
+
+// -----------------------------------------------------------------------------
+// Helpers/additions
+// -----------------------------------------------------------------------------
 require_once ROOT.'/src/helpers.php';
 require_once ROOT.'/src/database.php';
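Review bot: The `cookie_secure` line derives the Secure flag from `!empty($_SERVER['HTTPS'])`, which gives the wrong answer in two common deployments: under IIS/ISAPI the variable is the string `off` on plain-HTTP requests, so the flag is set and the session cookie never comes back, and behind a TLS-terminating proxy the variable is usually unset, so the cookie silently loses Secure on a site users reach over HTTPS. At minimum write `'cookie_secure' => !empty($_SERVER['HTTPS']) && strtolower((string) $_SERVER['HTTPS']) !== 'off',`, and preferably take the value from deployment configuration so production always sets it. The opening of the options array (presumably the `session_start()` call) is not legible in this capture, so confirm it also passes `'use_strict_mode' => true`; without it PHP accepts a client-supplied session id, and the CSRF token stored in that session is only as trustworthy as the id. Whatever code later checks `$_SESSION['csrf_token']` lies outside this hunk and should compare it with `hash_equals()`.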