세션 경로 하드코딩 제거

2026-02-05 12:53:59 +09:00
parent 7034a3643a
commit 422991aaf5
17 changed files with 42 additions and 34 deletions
--- a/kngil/auth/oidc-callback.php
+++ b/kngil/auth/oidc-callback.php
@@ -253,6 +253,7 @@ try {
    }

    // 3. 세션 설정 (bbs/login.php 와 동일한 구조)
+    session_regenerate_id(true);
    $_SESSION['login'] = [
        'member_id' => $user['member_id'],
        'user_id'   => $user['user_id'],
--- a/kngil/bbs/adm.php
+++ b/kngil/bbs/adm.php
@@ -3,10 +3,8 @@ error_reporting(E_ALL);
 ini_set('display_errors', 1);
 header('Content-Type: application/json; charset=utf-8');

-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 require_once __DIR__ . '/db_conn.php';

 /* =================================================
--- a/kngil/bbs/adm_guard.php
+++ b/kngil/bbs/adm_guard.php
@@ -1,8 +1,6 @@
 <?php
-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 /* =========================
   1. 로그인 체크
 ========================= */
--- a/kngil/bbs/env.php
+++ b/kngil/bbs/env.php
@@ -67,6 +67,18 @@ function kngil_start_session(): void

    $params = session_get_cookie_params();
    $samesite = $params['samesite'] ?? 'Lax';
+    $cookieName = session_name();
+
+    if (!empty($_COOKIE[$cookieName])) {
+        setcookie($cookieName, '', [
+            'expires' => time() - 3600,
+            'path' => '/kngil',
+            'domain' => $params['domain'],
+            'secure' => $params['secure'],
+            'httponly' => $params['httponly'],
+            'samesite' => $samesite,
+        ]);
+    }

    session_set_cookie_params([
        'lifetime' => $params['lifetime'],
--- a/kngil/bbs/login.php
+++ b/kngil/bbs/login.php
@@ -55,6 +55,7 @@ if ($user['user_pw'] !== $pw) {
 }

 // ✅ 로그인 성공
+session_regenerate_id(true);
 $_SESSION['login'] = [
    'member_id' => $user['member_id'],
    'user_id'   => $user['user_id'],
--- a/kngil/bbs/logout.php
+++ b/kngil/bbs/logout.php
@@ -1,5 +1,6 @@
 <?php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 session_destroy();

 header('Location: /');
--- a/kngil/bbs/mypage01.php
+++ b/kngil/bbs/mypage01.php
@@ -1,6 +1,7 @@
 <?php
 //mypage01.php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 require_once $_SERVER['DOCUMENT_ROOT'].'/kngil/bbs/db_conn.php';

 if (!isset($_SESSION['login'])) {
--- a/kngil/bbs/mypage02.php
+++ b/kngil/bbs/mypage02.php
@@ -1,5 +1,6 @@
 <?php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 require_once $_SERVER['DOCUMENT_ROOT'].'/kngil/bbs/db_conn.php';

 header('Content-Type: application/json');
--- a/kngil/bbs/mypage03.php
+++ b/kngil/bbs/mypage03.php
@@ -1,5 +1,6 @@
 <?php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 require_once $_SERVER['DOCUMENT_ROOT'].'/kngil/bbs/db_conn.php';

 header('Content-Type: application/json');
--- a/kngil/bbs/qa_comment.php
+++ b/kngil/bbs/qa_comment.php
@@ -1,5 +1,6 @@
 <?php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 header('Content-Type: application/json');

 if (empty($_SESSION['login'])) {
--- a/kngil/bbs/qa_comment_delete.php
+++ b/kngil/bbs/qa_comment_delete.php
@@ -1,5 +1,6 @@
 <?php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 header('Content-Type: application/json');

 require_once __DIR__.'/db_conn.php';
--- a/kngil/bbs/qa_comment_update.php
+++ b/kngil/bbs/qa_comment_update.php
@@ -1,5 +1,6 @@
 <?php
-session_start();
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 header('Content-Type: application/json');

 require_once __DIR__.'/db_conn.php';
--- a/kngil/bbs/qa_detail.php
+++ b/kngil/bbs/qa_detail.php
@@ -7,10 +7,8 @@ error_reporting(E_ALL);
 /* ===============================
   1. 세션 & 로그인 체크
 =============================== */
-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 if (empty($_SESSION['login'])) {
    echo "<script>
        alert('로그인 후 이용 가능합니다.');
--- a/kngil/bbs/qa_list.php
+++ b/kngil/bbs/qa_list.php
@@ -7,10 +7,8 @@
 ini_set('display_errors', 1);
 error_reporting(E_ALL);

-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 require_once $_SERVER['DOCUMENT_ROOT'].'/kngil/bbs/db_conn.php';

 /* =========================
--- a/kngil/bbs/qa_status.php
+++ b/kngil/bbs/qa_status.php
@@ -1,8 +1,6 @@
 <?php
-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 require_once $_SERVER['DOCUMENT_ROOT'].'/kngil/bbs/db_conn.php';
 require_once $_SERVER['DOCUMENT_ROOT'].'/kngil/bbs/adm_guard.php';

--- a/kngil/bbs/qa_write.php
+++ b/kngil/bbs/qa_write.php
@@ -6,10 +6,8 @@ error_reporting(E_ALL);
 /* ===============================
   1. 세션 & 로그인 체크
 =============================== */
-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
-
+require_once __DIR__ . '/env.php';
+kngil_start_session();
 // echo '<pre>';
 // var_dump($_SESSION['login']);
 // exit;
--- a/kngil/skin/index.php
+++ b/kngil/skin/index.php
@@ -1,7 +1,6 @@
 <?php
-if (session_status() === PHP_SESSION_NONE) {
-    session_start();
-}
+require_once __DIR__ . '/../bbs/env.php';
+kngil_start_session();
 ?>
 <!DOCTYPE html>
 <!--index.php-->