diff options
author | nikrou <nikrou@piwigo.org> | 2006-01-15 13:45:42 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2006-01-15 13:45:42 +0000 |
commit | c3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch) | |
tree | e59456bdf40caf57ca5d3586190c3b3f6e8eb463 /include/config_default.inc.php | |
parent | b223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff) |
Improve security of sessions:
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side
git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/config_default.inc.php')
-rw-r--r-- | include/config_default.inc.php | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php index 7c7ea9089..31362a463 100644 --- a/include/config_default.inc.php +++ b/include/config_default.inc.php @@ -264,6 +264,21 @@ $conf['use_exif_mapping'] = array( // | sessions | // +-----------------------------------------------------------------------+ +// specifies to use cookie to store the session id on client side +$conf['session_use_cookies'] = 1; + +// specifies to only use cookie to store the session id on client side +$conf['session_use_only_cookies'] = 1; + +// do not use transparent session id support +$conf['session_use_trans_sid'] = 0; + +// specifies the name of the session which is used as cookie name +$conf['session_name'] = 'pwg_id'; + +// comment the line below to use file handler for sessions. +$conf['session_save_handler'] = 'db'; + // authorize_remembering : permits user to stay logged for a long time. It // creates a cookie on client side. $conf['authorize_remembering'] = true; @@ -275,16 +290,6 @@ $conf['remember_me_length'] = 31536000; // session_length : time of validity for normal session, in seconds. $conf['session_length'] = 3600; -// session_id_size : a session identifier is compound of alphanumeric -// characters and is case sensitive. Each character is among 62 -// possibilities. The number of possible sessions is -// 62^$conf['session_id_size']. -// -// 62^5 = 916,132,832 -// 62^10 = 839,299,365,868,340,224 -// -$conf['session_id_size'] = 10; - // +-----------------------------------------------------------------------+ // | debug | // +-----------------------------------------------------------------------+ |