aio-interface: set cookie prefix to __Host-Http- (#7912)

Signed-off-by: Zoey <zoey@z0ey.de> Signed-off-by: Simon L. <szaimen@e.mail.de> Co-authored-by: Simon L. <szaimen@e.mail.de>
2026-05-21 10:50:10 +00:00 · 2026-04-16 11:12:34 +02:00
parent 8722cc83f4
commit 3871179a57
1 changed files with 1 additions and 0 deletions
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -38,6 +38,7 @@ $container->set(Guard::class, function () use ($responseFactory) {

 // Register Middleware To Be Executed On All Routes
 session_start([
+    "name" => "__Host-Http-PHPSESSID", // Set cookie prefix to prevent other pages from overwriting this cookie. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#cookie_prefixes
    "save_path" => $dataConst->GetSessionDirectory(), // Where to save the session files
    "cookie_lifetime" => 0, // Delete the session cookie whenever the browser is closed. See https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-lifetime
    "gc_maxlifetime" => 86400, // Delete sessions after 24 hours. See https://www.php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime