fix bug #127: update session class

2 files changed, 10 insertions, 1 deletions

diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 9db4a034..2f0f7038 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -93,6 +93,7 @@ class Poche
     private function init() 
     {
         Tools::initPhp();
+        Session::$sessionName = 'poche'; 
         Session::init();
 
         if (isset($_SESSION['poche_user']) && $_SESSION['poche_user'] != array()) {
diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index aaa26af8..9247c292 100755
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -48,4 +48,12 @@ if (!ini_get('date.timezone') || !@date_default_timezone_set(ini_get('date.timez
     date_default_timezone_set('UTC');
 }
 
-$poche = new Poche();
\ No newline at end of file
+$poche = new Poche();
+
+#XSRF protection with token
+if (!empty($_POST)) {
+    if (!Session::isToken($_POST['token'])) {
+        die(_('Wrong token'));
+    }
+    unset($_SESSION['tokens']);
+}
\ No newline at end of file