authorThomas Lange <code@nerdmind.de>2021-09-19 13:44:44 +0200
committerThomas Lange <code@nerdmind.de>2021-09-19 13:55:16 +0200
commit19a7e6d54de4286461c6ae74970dfdbe994a335c (patch)
tree84a69a9e874190184d2cddb83fa6f6f381055e7e
parent2738a6d20ebde5da0d8eb96c6c2b2cc30750245a (diff)
Rename some session array keys
* Rename "auth" to "USER_ID" * Rename "token" to "CSRF_TOKEN"
-rw-r--r--admin/auth.php2
-rw-r--r--core/namespace/Application.php8
2 files changed, 5 insertions, 5 deletions
diff --git a/admin/auth.php b/admin/auth.php
index d0abc38..8d7bf9a 100644
--- a/admin/auth.php
+++ b/admin/auth.php
@@ -33,7 +33,7 @@ if(HTTP::issetPOST('username', 'password')) {
if($User = $UserRepository->findBy('username', HTTP::POST('username'))) {
if(password_verify(HTTP::POST('password'), $User->get('password'))) {
- $_SESSION['auth'] = $User->getID();
+ $_SESSION['USER_ID'] = $User->getID();
HTTP::redirect(Application::getAdminURL());
} else {
$messages[] = $Language->text('authentication_failure');
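Review bot: The session ID is not regenerated where `$_SESSION['USER_ID']` is set after a successful `password_verify()`, at least not in the lines this hunk shows, so a session identifier issued before login stays valid as an authenticated one (session fixation). Unless `HTTP::redirect()` or code outside the hunk already handles it, add `session_regenerate_id(true);` directly before the assignment. `Application::getSecurityToken()` creates the CSRF token only once per session, so the pre-login token would carry over as well; `unset($_SESSION['CSRF_TOKEN']);` at the same spot forces a fresh one. The enclosing `if(HTTP::issetPOST(...))` block starts and ends outside the hunk.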
diff --git a/core/namespace/Application.php b/core/namespace/Application.php
index fa5e0a9..8346248 100644
--- a/core/namespace/Application.php
+++ b/core/namespace/Application.php
@@ -116,18 +116,18 @@ class Application {
# Return unique CSRF token for the current session
#===============================================================================
public static function getSecurityToken(): string {
- if(!isset($_SESSION['token'])) {
- $_SESSION['token'] = bin2hex(random_bytes(16));
+ if(!isset($_SESSION['CSRF_TOKEN'])) {
+ $_SESSION['CSRF_TOKEN'] = bin2hex(random_bytes(16));
}
- return $_SESSION['token'];
+ return $_SESSION['CSRF_TOKEN'];
}
#===============================================================================
# Return boolean if successfully authenticated
#===============================================================================
public static function isAuthenticated(): bool {
- return isset($_SESSION['auth']);
+ return isset($_SESSION['USER_ID']);
}
#===============================================================================
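Review bot: The session keys `'USER_ID'` and `'CSRF_TOKEN'` remain bare string literals, written in `admin/auth.php` and read here in `getSecurityToken()` and `isAuthenticated()`, so a key missed in a rename like this one fails silently because `isset()` just returns false. Defining them once on the class, e.g. `const SESSION_USER_ID = 'USER_ID';` and `const SESSION_CSRF_TOKEN = 'CSRF_TOKEN';`, and using those constants in both files would make a mismatch a hard error. The diffstat lists only these two files, so it is worth confirming that no other code still reads `$_SESSION['auth']` or `$_SESSION['token']`, in particular wherever the submitted CSRF token is compared. Sessions created before this change will no longer count as authenticated, which fails closed. The class body continues outside the hunk.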