0, 'path' => '/', 'domain' => APP_COOKIE_DOMAIN ?: '', 'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'), 'httponly' => true, 'samesite' => 'Lax', ]); session_start(); } } // ----------------------------------------------------------- // 2) Persistente Client-ID (für Tracking über Besuche hinweg) // ----------------------------------------------------------- if (php_sapi_name() !== 'cli') { $clientId = $_COOKIE[$clientCookieName] ?? null; // Erwartet wird: 64 Hex-Zeichen (32 Bytes) if ( !is_string($clientId) || $clientId === '' || !preg_match('/^[a-f0-9]{64}$/', $clientId) ) { // neue ID erzeugen try { $clientId = bin2hex(random_bytes(32)); // 32 bytes → 64 hex } catch (Throwable $e) { $clientId = bin2hex(openssl_random_pseudo_bytes(32)); } $cookieOpts = [ 'expires' => time() + APP_CLIENT_COOKIE_LIFETIME, 'path' => '/', 'secure' => (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off'), 'httponly' => false, // JS darf es lesen, wenn erwünscht 'samesite' => 'Lax', ]; if (!empty(APP_COOKIE_DOMAIN)) { $cookieOpts['domain'] = APP_COOKIE_DOMAIN; } setcookie($clientCookieName, $clientId, $cookieOpts); $_COOKIE[$clientCookieName] = $clientId; } // global verfügbar machen (NEUER NAME!) $GLOBALS['cookie_client_id'] = $clientId; } // ----------------------------------------------------------- // 3) Sprachlogik laden (bleibt sinnvoll zentral) // ----------------------------------------------------------- require_once __DIR__ . '/i18n.php'; // ----------------------------------------------------------- // 4) Rest des Systems laden (DB, Funktionen, Hilfs-Libs) // ----------------------------------------------------------- require_once __DIR__ . "/db.php"; //require_once __DIR__ . '/../src/functions.php';