Changeset 1004 for trunk/identification.php

Timestamp:

Jan 15, 2006, 2:45:42 PM (18 years ago)

Author:

nikrou

Message:

Improve security of sessions:

• use only cookies to store session id on client side
• use default php session system with database handler to store sessions on server side

File:

• trunk/identification.php (modified) (2 diffs)

trunk/identification.php

@@ -52 +52 @@
       $session_length = $conf['remember_me_length'];
     }
-    $session_id = session_create($row['id'], $session_length);
-    redirect('category.php?id='.$session_id);
+    session_start();
+    $_SESSION['id'] = $row['id'];
+    redirect('category.php');
   }
   else
@@ -81 +82 @@
     'L_REMEMBER_ME'=>$lang['remember_me'],
 
-    'U_REGISTER' => add_session_id(PHPWG_ROOT_PATH.'register.php'),
-    'U_LOST_PASSWORD' => add_session_id(PHPWG_ROOT_PATH.'password.php'),
-    'U_HOME' => add_session_id(PHPWG_ROOT_PATH.'category.php'),
+    'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
+    'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
+    'U_HOME' => PHPWG_ROOT_PATH.'category.php',
     
-    'F_LOGIN_ACTION' => add_session_id(PHPWG_ROOT_PATH.'identification.php')
+    'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
     ));