Increase the strength of the session id

meeting-room-booking-system · Nov 18, 2023 · ce808b1 · ce808b1
1 parent 133b664
commit ce808b1
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/web/lib/MRBS/Session/Session.php b/web/lib/MRBS/Session/Session.php
@@ -47,6 +47,13 @@ public function init(int $lifetime) : void
       ini_set('session.cookie_samesite', 'Strict');
     }
     ini_set('session.cookie_secure', (is_https()) ? '1' : '0');
+    $sid_bits_per_character = ini_get('session.sid_bits_per_character');
+    if (($sid_bits_per_character !== false) && ($sid_bits_per_character < 5))
+    {
+      // Increase the strength of the session ID by increasing the number of
+      // bits per character. The default is 4.
+      ini_set('session.sid_bits_per_character', '5');
+    }
     // More settings, as a defence against session fixation.
     ini_set('session.use_only_cookies', '1');
     ini_set('session.use_strict_mode', '1');