Implement CSRF protection in contact form: Added session management and CSRF token validation to enhance security. Updated AJAX response handling in JavaScript to reset button state after submission.

2026-01-06 21:49:24 +01:00
parent a6aab5208d
commit 385baf2db7
3 changed files with 29 additions and 0 deletions
--- a/public/includes/functions.php
+++ b/public/includes/functions.php
@@ -3,6 +3,11 @@
 * Helper functions for HexaHost.de
 */

+// Start session for CSRF token
+if (session_status() === PHP_SESSION_NONE) {
+    session_start();
+}
+
 /**
 * Set page configuration and include header
 *