Timestamp:
Jan 15, 2006, 1:52:55 PM (18 years ago)
Author:
nikrou
Message:

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
File:
1 edited

  • branches/branch-1_5/include/config_default.inc.php

    r928 r1003  
    257257// +-----------------------------------------------------------------------+
    258258
     259// specifies to use cookie to store the session id on client side
     260$conf['session_use_cookies'] = 1;
     261
     262// specifies to only use cookie to store the session id on client side
     263$conf['session_use_only_cookies'] = 1;
     264
     265// do not use transparent session id support
     266$conf['session_use_trans_sid'] = 0;
     267
     268// specifies the name of the session which is used as cookie name
     269$conf['session_name'] = 'pwg_id';
     270
     271// comment the line below to use file handler for sessions.
     272$conf['session_save_handler'] = 'db';
     273
    259274// authorize_remembering : permits user to stay logged for a long time. It
    260275// creates a cookie on client side.
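Review bot: at new lines 271-272, the comment "comment the line below to use file handler for sessions" makes the file handler depend on `$conf['session_save_handler']` being unset, so every reader of that key needs an isset() check and switching handlers means editing this defaults file. Suggest giving the option an explicit, documented set of values so it can be overridden like the other settings. The comments at 259 and 262 are also nearly identical; say what `session_use_only_cookies` adds over `session_use_cookies` (if it mirrors PHP's session.use_only_cookies, a session id passed in the URL is not accepted). Nothing in this file shows where the five new values are applied, so confirm they are set before the session is started.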
     
    267282// session_length : time of validity for normal session, in seconds.
    268283$conf['session_length'] = 3600;
    269 
    270 // session_id_size : a session identifier is compound of alphanumeric
    271 // characters and is case sensitive. Each character is among 62
    272 // possibilities. The number of possible sessions is
    273 // 62^$conf['session_id_size'].
    274 //
    275 // 62^5  =             916,132,832
    276 // 62^10 = 839,299,365,868,340,224
    277 //
    278 $conf['session_id_size'] = 10;
    279284
    280285// +-----------------------------------------------------------------------+
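Review bot: removing `$conf['session_id_size']` (old lines 270-278) leaves any remaining reader of that key with an undefined index, and local configurations that still set it will be silently ignored; check the branch for other uses and mention the removal in the upgrade notes. The deleted comment was also the only place documenting the size of the identifier space (62^10); with id generation handed to PHP's session system, add a line saying where the id length now comes from. `$conf['session_length']` at new line 283 is kept, so confirm the database handler still enforces it.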