CVE-2023-4654: Add session regenerate after login & logout. Secure cookie if HTTPS. · instantsoft/icms2@ca5f150

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.


Expand Up @@ -265,6 +265,8 @@ public static function autoLogin($auth_token) {
self::setUserSession($user, $user[‘ip’]);
self::sessionRegenerate();
return intval($user[‘id’]); }
Expand Down Expand Up @@ -343,6 +345,8 @@ public static function loginComplete($user, $remember = false) { self::getInstance()->id = $user[‘id’]; self::getInstance()->is_logged = true;
self::sessionRegenerate();
return true; }
Expand Down Expand Up @@ -384,6 +388,8 @@ public static function logout() {
self::sessionUnset(‘user’);
self::sessionRegenerate();
return true; }
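Review bot: the logout hunk unsets the user key and rotates the id, but nothing here destroys the session; because sessionRegenerate() (defined further down in this change) calls session_regenerate_id(false), the previous session record stays on the server. For logout the conservative choice is to end the session outright, e.g. `session_unset(); session_destroy();`, or at least regenerate with the delete flag set. Handling of the remember-me cookie, if any, is not visible in this hunk and should be checked separately.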
Expand Down Expand Up @@ -486,6 +492,19 @@ public static function sessionStart(cmsConfig $config) { } }
public static function sessionRegenerate() {
session_regenerate_id(false);
$id = session_id();
session_write_close();
session_id($id);
session_start(); }
public static function sessionSet($key, $value) {
if (strpos($key, ‘:’) === false) { Expand Down Expand Up @@ -568,7 +587,7 @@ public static function setCookie($key, $value, $time = 3600, $path = '/’, $http_ ‘path’ => $path, ‘domain’ => $domain, ‘samesite’ => 'Lax’, ‘secure’ => false, ‘secure’ => cmsConfig::isSecureProtocol(), ‘httponly’ => $http_only ]); } Expand Down
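Review bot: in the new sessionRegenerate(), session_regenerate_id(false) keeps the old session record instead of destroying it, so the identifier a client held before login is not invalidated on the server until garbage collection; passing `session_regenerate_id(true);` deletes the old record and is what actually closes the fixation window this change targets. The write_close/session_id/session_start sequence afterwards is an accepted way to release the session lock, but it re-reads the session from storage, so only data flushed by session_write_close() persists; a short docblock explaining why the reopen is needed would help future readers. For the setCookie hunk, driving 'secure' from cmsConfig::isSecureProtocol() is the right direction; confirm that helper also recognises TLS terminated at a reverse proxy (forwarded-protocol headers), since otherwise PHP sees a plain-HTTP request behind the proxy and the cookie is again issued without Secure, which is exactly the condition CVE-2023-4654 describes.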
