From 66e7eb03a60d41ee11ff7b42303450782600a28b Mon Sep 17 00:00:00 2001
From: Dennis Eichhorn
Date: Sun, 27 Dec 2015 11:45:48 +0100
Subject: [PATCH] Creating CSRF token
---
 DataStorage/Session/HttpSession.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/DataStorage/Session/HttpSession.php b/DataStorage/Session/HttpSession.php
index 90a42061f..ec3ab676b 100644
--- a/DataStorage/Session/HttpSession.php
+++ b/DataStorage/Session/HttpSession.php
@@ -14,6 +14,8 @@
 * @link http://orange-management.com
 */
 namespace phpOMS\DataStorage\Session;
+use phpOMS\Uri\UriFactory;
+use phpOMS\Utils\RnG\StringUtils;
 /**
 * Http session class.
@@ -54,12 +56,17 @@ class HttpSession implements SessionInterface
 session_id($sid);
 }
- session_set_cookie_params($liftetime);
+ session_set_cookie_params($liftetime, '/', null, false, true);
 session_start();
 $this->sessionData = $_SESSION;
+ $_SESSION = null;
 $this->sid = session_id();
 session_write_close();
+
+ $CSRF = StringUtils::generateString(10, 16);
+ $this->set('CSRF', $CSRF, false);
+ UriFactory::setQuery('$CSRF', $CSRF);
 }
 /**
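Review bot: The CSRF token in the added `$CSRF = StringUtils::generateString(10, 16);` line comes from a general-purpose string helper whose randomness source is not visible in this patch, and the arguments suggest a token of only 10 to 16 characters; a CSRF token should come from a CSPRNG with at least 128 bits, for example `$CSRF = bin2hex(random_bytes(32));` on PHP 7 or later. A fresh value is also generated on every construction, while `$this->set('CSRF', $CSRF, false)` passes a third argument that looks like an overwrite flag; if an existing token is kept, the value handed to `UriFactory::setQuery('$CSRF', $CSRF)` would no longer match the one stored in the session, so the token should be generated only when none is stored and the stored value passed on. Separately, `session_set_cookie_params($liftetime, '/', null, false, true)` hard-codes the secure flag to `false`, so the session cookie is still sent over plain HTTP even though HttpOnly is now set. The constructor begins above the hunk and the validation side is not shown, so how the token is later compared cannot be checked from here.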