2 /* vim: set expandtab sw=4 ts=4 sts=4: */
10 * tries to secure session from hijacking and fixation
11 * should be called before login and after successful login
12 * (only required if sensitive information stored in session)
16 function PMA_secureSession()
18 // prevent session fixation and XSS
19 if (session_status() === PHP_SESSION_ACTIVE
&& ! defined('TESTSUITE')) {
20 session_regenerate_id(true);
27 * Generates PMA_token session variable.
31 function PMA_generateToken()
33 if (class_exists('phpseclib\Crypt\Random')) {
34 $_SESSION[' PMA_token '] = bin2hex(phpseclib\Crypt\Random
::string(16));
36 $_SESSION[' PMA_token '] = bin2hex(openssl_random_pseudo_bytes(16));
40 * Check if token is properly generated (the genration can fail, for example
41 * due to missing /dev/random for openssl).
43 if (empty($_SESSION[' PMA_token '])) {
45 'Failed to generate random CSRF token!'