sniper Fri Dec 2 13:42:41 2005 EDT Modified files: /php-src php.ini-dist php.ini-recommended /php-src/ext/session session.c Log: - Changed "session.use_only_cookies" to be on by default.
http://cvs.php.net/diff.php/php-src/php.ini-dist?r1=1.238&r2=1.239&ty=u
Index: php-src/php.ini-dist
diff -u php-src/php.ini-dist:1.238 php-src/php.ini-dist:1.239
--- php-src/php.ini-dist:1.238 Fri Nov 18 11:20:41 2005
+++ php-src/php.ini-dist Fri Dec 2 13:42:40 2005
@@ -895,8 +895,8 @@
 session.use_cookies = 1
 ; This option enables administrators to make their users invulnerable to
-; attacks which involve passing session ids in URLs; defaults to 0.
-; session.use_only_cookies = 1
+; attacks which involve passing session ids in URLs; defaults to 1.
+session.use_only_cookies = 1
 ; Name of the session (used as cookie name).
 session.name = PHPSESSID
http://cvs.php.net/diff.php/php-src/php.ini-recommended?r1=1.187&r2=1.188&ty=u
Index: php-src/php.ini-recommended
diff -u php-src/php.ini-recommended:1.187 php-src/php.ini-recommended:1.188
--- php-src/php.ini-recommended:1.187 Fri Nov 18 11:20:41 2005
+++ php-src/php.ini-recommended Fri Dec 2 13:42:40 2005
@@ -952,8 +952,8 @@
 session.use_cookies = 1
 ; This option enables administrators to make their users invulnerable to
-; attacks which involve passing session ids in URLs; defaults to 0.
-; session.use_only_cookies = 1
+; attacks which involve passing session ids in URLs; defaults to 1.
+session.use_only_cookies = 1
 ; Name of the session (used as cookie name).
 session.name = PHPSESSID
http://cvs.php.net/diff.php/php-src/ext/session/session.c?r1=1.422&r2=1.423&ty=u
Index: php-src/ext/session/session.c
diff -u php-src/ext/session/session.c:1.422 php-src/ext/session/session.c:1.423
--- php-src/ext/session/session.c:1.422 Fri Sep 23 04:13:57 2005
+++ php-src/ext/session/session.c Fri Dec 2 13:42:41 2005
@@ -17,7 +17,7 @@
 +----------------------------------------------------------------------+
 */
-/* $Id: session.c,v 1.422 2005/09/23 08:13:57 sniper Exp $ */
+/* $Id: session.c,v 1.423 2005/12/02 18:42:41 sniper Exp $ */
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -167,7 +167,7 @@
 STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
- STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
+ STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
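Review bot: The new default on the `session.use_only_cookies` entry is a behaviour change that nothing in this hunk documents: with `"1"`, a session id arriving in a URL is presumably ignored, so sites that relied on URL-carried ids for cookie-less clients (for example via `session.use_trans_sid`) would lose those sessions after upgrading without any error. A one-line comment above the entry would record the intent, e.g. `/* on by default: ids are accepted from cookies only; set to 0 to accept ids from URLs again */`, and the "defaults to 1" comment in php.ini-dist and php.ini-recommended could name the same trade-off. The entry also stays `PHP_INI_ALL`, so per-directory configuration or a runtime `ini_set()` can still turn it off; the safer default only protects installs that leave it alone. The INI entry table begins and ends outside the hunk.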