Session: enabled PHP option use_strict_mode

dg · dg · commit 43c26b9c421e · 2018-09-03T21:42:16.000+02:00
diff --git a/src/Http/Session.php b/src/Http/Session.php
@@ -35,6 +35,7 @@ class Session
 		'use_cookies' => 1,       // must be enabled to prevent Session Hijacking and Fixation
 		'use_only_cookies' => 1,  // must be enabled to prevent Session Fixation
 		'use_trans_sid' => 0,     // must be disabled to prevent Session Hijacking and Fixation
+		'use_strict_mode' => 1,   // must be enabled to prevent Session Fixation
 
 		// cookies
 		'cookie_lifetime' => 0,   // until the browser is closed
diff --git a/tests/Http/Session.cookies.phpt b/tests/Http/Session.cookies.phpt
@@ -23,6 +23,7 @@ Assert::same([
 	'use_cookies' => 1,
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
+	'use_strict_mode' => 1,
 	'cookie_lifetime' => 0,
 	'cookie_httponly' => true,
 	'cookie_samesite' => 'Lax',
diff --git a/tests/Http/Session.setOptions.phpt b/tests/Http/Session.setOptions.phpt
@@ -20,6 +20,7 @@ Assert::same([
 	'use_cookies' => 1,
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
+	'use_strict_mode' => 1,
 	'cookie_lifetime' => 0,
 	'cookie_httponly' => true,
 	'cookie_samesite' => 'Lax',
@@ -38,6 +39,7 @@ Assert::same([
 	'use_cookies' => 1,
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
+	'use_strict_mode' => 1,
 	'cookie_lifetime' => 0,
 	'cookie_httponly' => true,
 	'cookie_samesite' => 'Lax',
@@ -55,6 +57,7 @@ Assert::same([
 	'use_cookies' => 1,
 	'use_only_cookies' => 1,
 	'use_trans_sid' => 0,
+	'use_strict_mode' => 1,
 	'cookie_lifetime' => 0,
 	'cookie_httponly' => true,
 	'cookie_samesite' => 'Lax',
