Ignore:
Timestamp:
Jan 15, 2006, 2:45:42 PM (18 years ago)
Author:
nikrou
Message:

Improve security of sessions:

  • use only cookies to store session id on client side
  • use default php session system with database handler to store sessions on server side
File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/config_default.inc.php

    r953 r1004  
    265265// +-----------------------------------------------------------------------+
    266266
     267// specifies to use cookie to store the session id on client side
     268$conf['session_use_cookies'] = 1;
     269
     270// specifies to only use cookie to store the session id on client side
     271$conf['session_use_only_cookies'] = 1;
     272
     273// do not use transparent session id support
     274$conf['session_use_trans_sid'] = 0;
     275
     276// specifies the name of the session which is used as cookie name
     277$conf['session_name'] = 'pwg_id';
     278
     279// comment the line below to use file handler for sessions.
     280$conf['session_save_handler'] = 'db';
     281
    267282// authorize_remembering : permits user to stay logged for a long time. It
    268283// creates a cookie on client side.
     
    275290// session_length : time of validity for normal session, in seconds.
    276291$conf['session_length'] = 3600;
    277 
    278 // session_id_size : a session identifier is compound of alphanumeric
    279 // characters and is case sensitive. Each character is among 62
    280 // possibilities. The number of possible sessions is
    281 // 62^$conf['session_id_size'].
    282 //
    283 // 62^5  =             916,132,832
    284 // 62^10 = 839,299,365,868,340,224
    285 //
    286 $conf['session_id_size'] = 10;
    287292
    288293// +-----------------------------------------------------------------------+
Note: See TracChangeset for help on using the changeset viewer.