Browse Source

- Changed "session.use_only_cookies" to be on by default.

migration/RELEASE_1_0_0
foobar 21 years ago
parent
commit
ecd8376f36
  1. 2
      ext/session/session.c
  2. 4
      php.ini-dist
  3. 4
      php.ini-recommended

2
ext/session/session.c

@ -167,7 +167,7 @@ PHP_INI_BEGIN()
STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)

4
php.ini-dist

@ -895,8 +895,8 @@ session.save_handler = files
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1
; attacks which involve passing session ids in URLs; defaults to 1.
session.use_only_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID

4
php.ini-recommended

@ -952,8 +952,8 @@ session.save_handler = files
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1
; attacks which involve passing session ids in URLs; defaults to 1.
session.use_only_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID

Loading…
Cancel
Save