nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

session cookie path (bug #1370294)

Browse Source
This commit is contained in:
Sebastian Mendel
2005-12-01 08:57:20 +00:00
parent f05a0df6f6
commit 76f7c21270
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -10,6 +10,7 @@ $Source$
missing '/' in img path (bug #1370437) missing '/' in img path (bug #1370437)
* libraries/Config.class.php: * libraries/Config.class.php:
no error for missing config file (bug #1370269) no error for missing config file (bug #1370269)
* libraries/session.inc.php: session cookie path (bug #1370294)
2005-11-30 Michal Čihař <michal@cihar.com> 2005-11-30 Michal Čihař <michal@cihar.com>
* lang/*: Messages for Sebastian. * lang/*: Messages for Sebastian.

12
libraries/session.inc.php
View File

@@ -2,8 +2,8 @@
/* $Id$ */ /* $Id$ */
// vim: expandtab sw=4 ts=4 sts=4: // vim: expandtab sw=4 ts=4 sts=4:
/** /**
* session handling * session handling
* *
* @TODO add failover or warn if sessions are not configured properly * @TODO add failover or warn if sessions are not configured properly
* @TODO add an option to use mm-module for session handler * @TODO add an option to use mm-module for session handler
* @see http://www.php.net/session * @see http://www.php.net/session
@@ -35,6 +35,10 @@ if (!@function_exists('session_name')) {
exit(); exit();
} }
// session cookie settings
session_set_cookie_params( 0, $GLOBALS['cookie_path'],
'', $GLOBALS['is_https'] );
// disable starting of sessions before all settings are done // disable starting of sessions before all settings are done
ini_set( 'session.auto_start', false ); ini_set( 'session.auto_start', false );
@@ -56,7 +60,7 @@ ini_set( 'session.bug_compat_42', false );
ini_set( 'session.bug_compat_warn', true ); ini_set( 'session.bug_compat_warn', true );
// use more secure session ids (with PHP 5) // use more secure session ids (with PHP 5)
if ( version_compare( PHP_VERSION, '5.0.0', 'ge' ) if ( version_compare( PHP_VERSION, '5.0.0', 'ge' )
&& substr( PHP_OS, 0 ,3 ) != 'WIN' ) { && substr( PHP_OS, 0 ,3 ) != 'WIN' ) {
ini_set( 'session.hash_function', 1 ); ini_set( 'session.hash_function', 1 );
ini_set( 'session.hash_bits_per_character', 6 ); ini_set( 'session.hash_bits_per_character', 6 );
@@ -72,7 +76,7 @@ if ( version_compare( PHP_VERSION, '5.0.0', 'ge' )
* trys to secure session from hijacking and fixation * trys to secure session from hijacking and fixation
* should be called before login and after successfull login * should be called before login and after successfull login
* (only required if sensitive information stored in session) * (only required if sensitive information stored in session)
* *
* @uses session_regenerate_id() to secure session from fixation * @uses session_regenerate_id() to secure session from fixation
* @uses session_id() to set new session id * @uses session_id() to set new session id
* @uses strip_tags() to prevent XSS attacks in SID * @uses strip_tags() to prevent XSS attacks in SID