
Only create cookie when needed

Miraty 3 年之前
父节点
当前提交
78932c0a7f
共有 1 个文件被更改,包括 22 次插入13 次删除
  1. 22 13
      top.inc.php

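--- a/top.inc.php
+++ b/top.inc.php
@@ -14,19 +14,28 @@ require "inc/reg.inc.php";
 require "inc/pages.inc.php";
 
 // Session initialisation (with cookies)
-session_start([
-  'name' => 'niver',
-  'sid_length' => 64,
-  'cookie_secure' => true,
-  'cookie_httponly' => true,
-  'cookie_samesite' => 'Strict',
-  'cookie_path' => PREFIX . '/',
-  'cookie_lifetime' => 432000, // = 60*60*24*5 = 5 days
-  'gc_maxlifetime' => 10800,
-  'use_strict_mode' => true,
-  'use_cookies' => true,
-  'use_only_cookies' => true,
-]);
+if (
+    isset($_COOKIE['niver']) // Resume session
+  OR
+    (SERVICE === "auth"
+    AND PAGE === "login"
+    AND isset($_POST['username']))
+  ) {
+  session_start([
+    'name' => 'niver',
+    'sid_length' => 64,
+    'sid_bits_per_character' => 6,
+    'cookie_secure' => true,
+    'cookie_httponly' => true,
+    'cookie_samesite' => 'Strict',
+    'cookie_path' => PREFIX . '/',
+    'cookie_lifetime' => 432000, // = 60*60*24*5 = 5 days
+    'gc_maxlifetime' => 10800,
+    'use_strict_mode' => true,
+    'use_cookies' => true,
+    'use_only_cookies' => true,
+  ]);
+}
 
 // Redirect to the login page if not logged in
 if (SERVICE != "auth" AND !isset($_SESSION['username'])) {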
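Review bot: The guard `isset($_COOKIE['niver'])` calls `session_start()` for any request that merely carries a cookie of that name, so a client-supplied value still allocates a session. With `'use_strict_mode' => true` an unknown ID is replaced rather than adopted, but an ID that already exists server-side is resumed as-is, and whether the login handler calls `session_regenerate_id(true)` after authenticating is not visible here; a comment on the condition should state that assumption. The session name is now spelled twice, in the cookie check and in `'name' => 'niver'`; deriving both from one constant, for example `const SESSION_NAME = 'niver';`, keeps them from drifting apart, which would otherwise send every logged-in user back to the login page. Code outside this hunk that writes to `$_SESSION` on a request where neither branch matched will silently persist nothing, so such writes should first check `session_status() === PHP_SESSION_ACTIVE`. The `if` on the last line continues outside the hunk.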