Fix CSRF token handling: add session to index.php, fix cookie_secure for HTTPS
This commit is contained in:
root
@@ -2,7 +2,7 @@
|
||||
// Start session before any output
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
||||
ini_set('session.cookie_httponly', '1');
|
||||
ini_set('session.cookie_secure', '0'); // Set to '1' if using HTTPS
|
||||
ini_set('session.cookie_secure', '1'); // Set to '1' if using HTTPS
|
||||
session_start();
|
||||
|
||||
// Enhanced security headers
|
||||
|
||||
Reference in New Issue
Block a user