This option should be left enabled by default by mistake.

--enable-trans-sid option is removed and this option should
be disabled by default in php.ini.

1) It's insecure by nature
2) It may not work well always
3) It wasn't enabled by default used be
4) It risks security and user should enable it after realizing
   it's security risks.

diff --git a/php.ini-dist b/php.ini-dist
index 7bae2ec1f5d57823de05516cafdc11dd49bcab70..ec0fb08625745e24c0421dc3201821c51d28499b 100644 (file)
--- a/php.ini-dist
+++ b/php.ini-dist
@@ -784,8 +784,10 @@ session.cache_limiter = nocache
 ; Document expires after n minutes.
 session.cache_expire = 180
 
-; use transient sid support if enabled by compiling with --enable-trans-sid.
-session.use_trans_sid = 1
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users security. It may not be
+; feasible to use this option for some sites. Use this option with caution.
+session.use_trans_sid = 0
 
 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
 

diff --git a/php.ini-recommended b/php.ini-recommended
index f3cd3989ed3db22fc2b5efe266d1252d37d253fc..663b8d9f7160fad095f09c19fb6a702ab93d4380 100644 (file)
--- a/php.ini-recommended
+++ b/php.ini-recommended
@@ -791,8 +791,10 @@ session.cache_limiter = nocache
 ; Document expires after n minutes.
 session.cache_expire = 180
 
-; use transient sid support if enabled by compiling with --enable-trans-sid.
-session.use_trans_sid = 1
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users security. It may not be
+; feasible to use this option for some sites. Use this option with caution.
+session.use_trans_sid = 0
 
 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"