aboutsummaryrefslogtreecommitdiffstats
path: root/include/config_default.inc.php
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
committernikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
commitc3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch)
treee59456bdf40caf57ca5d3586190c3b3f6e8eb463 /include/config_default.inc.php
parentb223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff)
Improve security of sessions:
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/config_default.inc.php')
-rw-r--r--include/config_default.inc.php25
1 files changed, 15 insertions, 10 deletions
diff --git a/include/config_default.inc.php b/include/config_default.inc.php
index 7c7ea9089..31362a463 100644
--- a/include/config_default.inc.php
+++ b/include/config_default.inc.php
@@ -264,6 +264,21 @@ $conf['use_exif_mapping'] = array(
// | sessions |
// +-----------------------------------------------------------------------+
+// specifies to use cookie to store the session id on client side
+$conf['session_use_cookies'] = 1;
+
+// specifies to only use cookie to store the session id on client side
+$conf['session_use_only_cookies'] = 1;
+
+// do not use transparent session id support
+$conf['session_use_trans_sid'] = 0;
+
+// specifies the name of the session which is used as cookie name
+$conf['session_name'] = 'pwg_id';
+
+// comment the line below to use file handler for sessions.
+$conf['session_save_handler'] = 'db';
+
// authorize_remembering : permits user to stay logged for a long time. It
// creates a cookie on client side.
$conf['authorize_remembering'] = true;
@@ -275,16 +290,6 @@ $conf['remember_me_length'] = 31536000;
// session_length : time of validity for normal session, in seconds.
$conf['session_length'] = 3600;
-// session_id_size : a session identifier is compound of alphanumeric
-// characters and is case sensitive. Each character is among 62
-// possibilities. The number of possible sessions is
-// 62^$conf['session_id_size'].
-//
-// 62^5 = 916,132,832
-// 62^10 = 839,299,365,868,340,224
-//
-$conf['session_id_size'] = 10;
-
// +-----------------------------------------------------------------------+
// | debug |
// +-----------------------------------------------------------------------+