Added more security flags to prevent XSS attack from cookie.

2024-10-09 15:56:47 +01:00
parent c08c069479
commit 96365eef2a
4 changed files with 45 additions and 1 deletions
--- a/system/controllers/logout.php
+++ b/system/controllers/logout.php
@ -1,12 +1,17 @@
 <?php
+
 /**
 *  PHP Mikrotik Billing (https://github.com/hotspotbilling/phpnuxbill/)
 *  by https://t.me/ibnux
 **/

+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
+header("Pragma: no-cache");
+
 run_hook('customer_logout'); #HOOK
 if (session_status() == PHP_SESSION_NONE) session_start();
 Admin::removeCookie();
 User::removeCookie();
 session_destroy();
-_alert(Lang::T('Logout Successful'),'warning', "login");
+_alert(Lang::T('Logout Successful'), 'warning', "login");