diff --git a/inc/SP/Core/Crypt/CryptSessionHandler.class.php b/inc/SP/Core/Crypt/CryptSessionHandler.class.php index c8352bbd..a45e4388 100644 --- a/inc/SP/Core/Crypt/CryptSessionHandler.class.php +++ b/inc/SP/Core/Crypt/CryptSessionHandler.class.php @@ -78,11 +78,12 @@ class CryptSessionHandler extends \SessionHandler return Crypt::decrypt($data, $this->Key); } catch (CryptoException $e) { - debugLog($e->getMessage()); - self::$isSecured = false; - return ''; + debugLog($e->getMessage()); + debugLog('Session data not encrypted.'); + + return $data; } } } @@ -111,12 +112,13 @@ class CryptSessionHandler extends \SessionHandler $data = Crypt::encrypt($data, $this->Key); self::$isSecured = true; - - return parent::write($id, $data); } catch (CryptoException $e) { - debugLog($e->getMessage()); + self::$isSecured = false; - return false; + debugLog('Could not encrypt session data.'); + debugLog($e->getMessage()); } + + return parent::write($id, $data); } } \ No newline at end of file diff --git a/inc/SP/Core/Crypt/SecureKeyCookie.class.php b/inc/SP/Core/Crypt/SecureKeyCookie.class.php index fc9fb83a..79c431ca 100644 --- a/inc/SP/Core/Crypt/SecureKeyCookie.class.php +++ b/inc/SP/Core/Crypt/SecureKeyCookie.class.php @@ -115,8 +115,6 @@ class SecureKeyCookie extends Cookie return false; } - debugLog('Generating a new session key.'); - try { $this->SecuredKey = Key::createNewRandomKey(); @@ -125,9 +123,13 @@ class SecureKeyCookie extends Cookie // $timeout = ini_get('session.gc_maxlifetime') ?: 3600; - if (setcookie(SecureKeyCookie::COOKIE_NAME, $this->sign(serialize($Vault), $key), 0, Init::$WEBURI, Checks::httpsEnabled())) { + if (setcookie(SecureKeyCookie::COOKIE_NAME, $this->sign(serialize($Vault), $key), 0, Init::$WEBURI, Request::getRequestHeaders('HTTP_HOST'))) { + debugLog('Generating a new session key.'); + return $this->SecuredKey; } else { + debugLog('Could not generate session key cookie.'); + unset($this->SecuredKey); } } catch (CryptoException $e) {
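Review bot: The catch branch of read() now returns the stored `$data` unchanged whenever `Crypt::decrypt()` throws, so a record that failed decryption is handed to PHP's session deserialiser as if it were trusted. If CryptoException is also raised for a wrong key or a modified ciphertext (Crypt is not visible here, so confirm), this accepts input that failed an integrity check, and the log line 'Session data not encrypted.' would mislabel it. Keeping `return '';` for that case, and returning `$data` only when the record is positively identified as a legacy plaintext session, would keep the handler fail-closed. read() starts above the hunk.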
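Review bot: When `Crypt::encrypt()` throws, write() now falls through to `return parent::write($id, $data);` with `$data` still in plaintext, so a crypto failure silently downgrades the session store to unencrypted while the request carries on normally. The only traces are two debugLog lines and `self::$isSecured = false`. I would keep `return false;` as the last statement of the catch block so nothing is persisted, or put the plaintext fallback behind an explicit configuration switch and log it where operators will see it. write() begins outside the hunk.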
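Review bot: The fifth argument of setcookie() is the cookie domain, so the new call takes it from `Request::getRequestHeaders('HTTP_HOST')` (presumably the client-supplied Host header) and still leaves `secure` and `httponly` at their defaults for a cookie that carries the signed, serialized vault. A Host value that includes a port is not a valid cookie domain, and an explicit Domain also widens the cookie to subdomains compared with a host-only cookie. Suggested call: `setcookie(SecureKeyCookie::COOKIE_NAME, $this->sign(serialize($Vault), $key), 0, Init::$WEBURI, '', Checks::httpsEnabled(), true)`. The enclosing try block starts above the hunk and its catch continues below it.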