From: foobar
Date: Fri, 2 Dec 2005 18:42:41 +0000 (+0000)
Subject: - Changed "session.use_only_cookies" to be on by default.
X-Git-Tag: RELEASE_1_1_1~76
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ecd8376f36af4c600895785c90c0e035ba3dc687;p=php
- Changed "session.use_only_cookies" to be on by default.
---
diff --git a/ext/session/session.c b/ext/session/session.c
index 34d7794d39..fd32a77a61 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -167,7 +167,7 @@ PHP_INI_BEGIN()
 STD_PHP_INI_ENTRY("session.cookie_domain", "", PHP_INI_ALL, OnUpdateString, cookie_domain, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.cookie_secure", "", PHP_INI_ALL, OnUpdateBool, cookie_secure, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
- STD_PHP_INI_BOOLEAN("session.use_only_cookies", "0", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
+ STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
diff --git a/php.ini-dist b/php.ini-dist
index de3c031e8d..eefaf9f22b 100644
--- a/php.ini-dist
+++ b/php.ini-dist
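Review bot: The new `"1"` default for `session.use_only_cookies` in ext/session/session.c carries no comment saying why it is on, and the entry stays `PHP_INI_ALL`, so it is only a default that a script or per-directory configuration can switch back off. I would add a comment above the entry, for example `/* on by default: session ids are accepted from cookies only, never from the URL */`. Deployments that run with `session.use_cookies` off presumably lose session continuity under the new default unless they also set this option to 0, which deserves an upgrade note. The PHP_INI_BEGIN() table starts and ends outside the hunk.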
@@ -895,8 +895,8 @@ session.save_handler = files
 session.use_cookies = 1
 ; This option enables administrators to make their users invulnerable to
-; attacks which involve passing session ids in URLs; defaults to 0.
-; session.use_only_cookies = 1
+; attacks which involve passing session ids in URLs; defaults to 1.
+session.use_only_cookies = 1
 ; Name of the session (used as cookie name).
 session.name = PHPSESSID
diff --git a/php.ini-recommended b/php.ini-recommended
index ba1ce7f38e..cb4d0c1938 100644
--- a/php.ini-recommended
+++ b/php.ini-recommended
@@ -952,8 +952,8 @@ session.save_handler = files
 session.use_cookies = 1
 ; This option enables administrators to make their users invulnerable to
-; attacks which involve passing session ids in URLs; defaults to 0.
-; session.use_only_cookies = 1
+; attacks which involve passing session ids in URLs; defaults to 1.
+session.use_only_cookies = 1
 ; Name of the session (used as cookie name).
 session.name = PHPSESSID
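Review bot: The comment kept above the now-active `session.use_only_cookies = 1` line in php.ini-dist still promises to make users "invulnerable" to attacks that pass session ids in URLs, which overstates what the setting does; the php.ini-recommended hunk repeats the same text. The option only stops a session id from being accepted from the URL and does nothing for an id carried in a cookie. I would reword the two comment lines to `; Accept session ids from cookies only, never from the URL. This blocks attacks` and `; that pass session ids in URLs; defaults to 1.` It would also help to say that setting it to 0 re-enables URL-borne ids.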