send CSRF token in a response header,

update the page's CSRF tokens with the new token from the response header, verify csrf token in ajax endpoints, initialize a session for every endpoint
2025-03-01 10:31:47 +00:00 · 2019-08-06 21:34:58 +02:00
parent 8f3489cd4a
commit da69d3d768
11 changed files with 48 additions and 13 deletions
--- a/includes/session.php
+++ b/includes/session.php
@@ -0,0 +1,5 @@
+<?php
+
+if (session_status() == PHP_SESSION_NONE) {
+  session_start();
+}