Set session name based on security.salt rather than GRAV_ROOT #2242

getgrav · Nov 3, 2018 · 601990d · 601990d
1 parent 3469974
commit 601990d
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
     * Make `Data` class to extend `JsonSerializable`
     * Modified debugger icon to use retina space-dude version
     * Added missing `Video::preload()` method
+    * Set session name based on `security.salt` rather than `GRAV_ROOT` [#2242](https://github.com/getgrav/grav/issues/2242)
     * Added option to configure list of `xss_invalid_protocols` in `Security` config [#2250](https://github.com/getgrav/grav/issues/2250)
     * Smarter `security.salt` checking now we use `security.yaml` for other options
 

diff --git a/system/src/Grav/Common/Service/SessionServiceProvider.php b/system/src/Grav/Common/Service/SessionServiceProvider.php
@@ -68,7 +68,7 @@ public function register(Container $container)
             }
 
             $inflector = new Inflector();
-            $session_name = $inflector->hyphenize($config->get('system.session.name', 'grav_site')) . '-' . substr(md5(GRAV_ROOT), 0, 7);
+            $session_name = $inflector->hyphenize($config->get('system.session.name', 'grav-site')) . '-' . md5($config->get('security.salt'));
             if ($is_admin && $config->get('system.session.split', true)) {
                 $session_name .= '-admin';
             }