sniper Fri Dec 2 13:42:41 2005 EDT
Modified files:
/php-src php.ini-dist php.ini-recommended
/php-src/ext/session session.c
Log:
- Changed "session.use_only_cookies" to be on by default.
http://cvs.php.net/diff.php/php-src/php.ini-dist?r1=1.238&r2=1.239&ty=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.238 php-src/php.ini-dist:1.239
--- php-src/php.ini-dist:1.238 Fri Nov 18 11:20:41 2005
+++ php-src/php.ini-dist Fri Dec 2 13:42:40 2005
@@ -895,8 +895,8 @@
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
-; attacks which involve passing session ids in URLs; defaults to 0.
-; session.use_only_cookies = 1
+; attacks which involve passing session ids in URLs; defaults to 1.
+session.use_only_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
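Review bot: The comment kept above `session.use_only_cookies` still promises that users become "invulnerable", which overstates what the newly active default provides: the setting only stops the session module from taking the id from the URL. Since the line is no longer commented out in the shipped file, I would describe the behaviour and its cost instead, e.g. `; Accept the session id from cookies only, never from the URL; clients that refuse cookies cannot keep a session. Defaults to 1.` The same wording appears in the php.ini-recommended hunk and should change with it.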
http://cvs.php.net/diff.php/php-src/php.ini-recommended?r1=1.187&r2=1.188&ty=u
Index: php-src/php.ini-recommended
diff -u php-src/php.ini-recommended:1.187 php-src/php.ini-recommended:1.188
--- php-src/php.ini-recommended:1.187 Fri Nov 18 11:20:41 2005
+++ php-src/php.ini-recommended Fri Dec 2 13:42:40 2005
@@ -952,8 +952,8 @@
session.use_cookies = 1
; This option enables administrators to make their users invulnerable to
-; attacks which involve passing session ids in URLs; defaults to 0.
-; session.use_only_cookies = 1
+; attacks which involve passing session ids in URLs; defaults to 1.
+session.use_only_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.422&r2=1.423&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.422 php-src/ext/session/session.c:1.423
--- php-src/ext/session/session.c:1.422 Fri Sep 23 04:13:57 2005
+++ php-src/ext/session/session.c Fri Dec 2 13:42:41 2005
@@ -17,7 +17,7 @@
+----------------------------------------------------------------------+
*/
-/* $Id: session.c,v 1.422 2005/09/23 08:13:57 sniper Exp $ */
+/* $Id: session.c,v 1.423 2005/12/02 18:42:41 sniper Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -167,7 +167,7 @@
STD_PHP_INI_ENTRY("session.cookie_domain", "",
PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.cookie_secure", "",
PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_cookies", "1",
PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
- STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0",
PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
+ STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1",
PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.referer_check", "",
PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_file", "",
PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_length", "0",
PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
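Review bot: The `session.use_only_cookies` entry now defaults to "1" but is still registered with `PHP_INI_ALL`, and nothing at the entry records that the new value is a default rather than an enforced policy. A short comment above it would help the next reader, e.g. `/* on by default: session ids in the URL are ignored; PHP_INI_ALL, so per-directory and runtime overrides can still turn it off */`. The modified-files list shows no NEWS or upgrade note; if none is planned elsewhere, one seems warranted, because applications that depend on URL-carried ids will presumably stop keeping sessions for cookieless clients. The INI table starts and ends outside this hunk.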