aboutsummaryrefslogtreecommitdiffhomepage
path: root/application/security
Commit message (Collapse)AuthorAgeFilesLines
* lint: apply phpcbf to application/VirtualTam2018-12-021-1/+0
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* SessionManager+LoginManager: fix checkLoginState logicVirtualTam2018-06-022-2/+5
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Add test coverage for LoginManager methodsVirtualTam2018-06-021-5/+4
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* SessionManager: remove unused UID tokenVirtualTam2018-06-021-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | There already are dedicated tokens for: - CSRF protection - user stay-signed-in feature, via cookie This token was most likely intended as a randomly generated, server-side, secret key to be used when generating hashes. See http://sebsauvage.net/wiki/doku.php?id=php:session [FR] Relevant section: Une clé secrète unique aléatoire est générée côté serveur (et jamais envoyée). Elle peut servir pour signer les formulaires (HMAC) ou générer des token de formulaires (protection contre XSRF). Voir $_SESSION['uid']. Translation: A unique, server-side secret key is randomly generated (and never transmitted). It can be used to sign forms (HMAC) or generate form tokens (protection against XSRF). See $_SESSION['uid'] Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor LoginManager stay-signed-in token managementVirtualTam2018-06-022-7/+33
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Refactor session and cookie timeout controlVirtualTam2018-06-022-14/+39
| | | | Signed-off-by: VirtualTam <virtualtam@flibidi.net>
* Move LoginManager and SessionManager to the Security namespaceVirtualTam2018-06-022-0/+417
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-22 11:03:24 +0000