Mirrors/sysPass
2
0
Fork 0
mirror of https://github.com/nuxsmin/sysPass.git synced 2026-03-06 08:34:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

* [ADD] Added session data encryption.

Browse Source
This commit is contained in:
nuxsmin
2017-03-05 09:13:27 +01:00
parent 2a1a22a75f
commit 8f34cc84ca
2 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
inc/SP/Core/Crypt/CryptSessionHandler.class.php
View File

@@ -78,11 +78,12 @@ class CryptSessionHandler extends \SessionHandler
return Crypt::decrypt($data, $this->Key);
} catch (CryptoException $e) {
debugLog($e->getMessage());
self::$isSecured = false;
return '';
debugLog($e->getMessage());
debugLog('Session data not encrypted.');
return $data;
}
}
}
@@ -111,12 +112,13 @@ class CryptSessionHandler extends \SessionHandler
$data = Crypt::encrypt($data, $this->Key);
self::$isSecured = true;
return parent::write($id, $data);
} catch (CryptoException $e) {
debugLog($e->getMessage());
self::$isSecured = false;
return false;
debugLog('Could not encrypt session data.');
debugLog($e->getMessage());
}
return parent::write($id, $data);
}
}

8
inc/SP/Core/Crypt/SecureKeyCookie.class.php
View File

@@ -115,8 +115,6 @@ class SecureKeyCookie extends Cookie
return false;
}
debugLog('Generating a new session key.');
try {
$this->SecuredKey = Key::createNewRandomKey();
@@ -125,9 +123,13 @@ class SecureKeyCookie extends Cookie
// $timeout = ini_get('session.gc_maxlifetime') ?: 3600;
if (setcookie(SecureKeyCookie::COOKIE_NAME, $this->sign(serialize($Vault), $key), 0, Init::$WEBURI, Checks::httpsEnabled())) {
if (setcookie(SecureKeyCookie::COOKIE_NAME, $this->sign(serialize($Vault), $key), 0, Init::$WEBURI, Request::getRequestHeaders('HTTP_HOST'))) {
debugLog('Generating a new session key.');
return $this->SecuredKey;
} else {
debugLog('Could not generate session key cookie.');
unset($this->SecuredKey);
}
} catch (CryptoException $e) {