* add CSRF protection to xhr requests

 * force ORM to use SQLITE WAL
 * add .editorconfig
 * cleanup a few things

1 files changed, 4 insertions, 0 deletions

diff --git a/include/sessions.php b/include/sessions.php
index b39a983..b4d901b 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -35,6 +35,10 @@
 				setcookie(session_name(), '', time()-42000, '/');
 			}
 
+			if (isset($_COOKIE["epube_csrf_token"])) {
+				setcookie("epube_csrf_token", '', time()-42000, '/');
+			}
+
 			session_commit();
 		}
 	}