From 21f1d180ad60986c736d3fe8a483e66bbc4627e5 Mon Sep 17 00:00:00 2001
From: Jeroen De Meerleer <me@jeroened.be>
Date: Mon, 31 Jan 2022 15:25:08 +0100
Subject: [PATCH] ENHANCEMENT: added security hardening

---
 bootstrap.php            | 1 -
 lib/Framework/Kernel.php | 7 +++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/bootstrap.php b/bootstrap.php
index b5d4881..9711f53 100644
--- a/bootstrap.php
+++ b/bootstrap.php
@@ -1,6 +1,5 @@
 <?php
 
-session_start();
 require_once "vendor/autoload.php";
 
 if( ini_get('safe_mode') ){
diff --git a/lib/Framework/Kernel.php b/lib/Framework/Kernel.php
index a5557c5..2fd2965 100644
--- a/lib/Framework/Kernel.php
+++ b/lib/Framework/Kernel.php
@@ -100,6 +100,13 @@ class Kernel
         $this->router = new Router();
         $this->router->parseRoutes($this->getConfigDir(), 'routes.yaml');
         $request = $this->parseRequest();
+
+        if($request->isSecure()) {
+            ini_set('session.cookie_httponly', true);
+            ini_set('session.cookie_secure', true);
+        }
+
+        session_start();
         return $this->router->route($request, $this);
     }