From 699ccceaa4d2a7ca827de759b8f61323b6cf8b99 Mon Sep 17 00:00:00 2001
From: Yasuo Ohgaki
Date: Wed, 14 Aug 2002 06:45:23 +0000
Subject: [PATCH] Added trans_sid security risk examples.
---
 php.ini-dist | 10 ++++++++--
 php.ini-recommended | 10 ++++++++--
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/php.ini-dist b/php.ini-dist
index f63bdfe98f..b497e804e9 100644
--- a/php.ini-dist
+++ b/php.ini-dist
@@ -808,8 +808,14 @@ session.cache_limiter = nocache
 session.cache_expire = 180
 ; trans sid support is disabled by default.
-; Use of trans sid may risk your users security. It may not be
-; feasible to use this option for some sites. Use this option with caution.
+; Use of trans sid may risk your users security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publically accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
 session.use_trans_sid = 0
 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
diff --git a/php.ini-recommended b/php.ini-recommended
index 2c26e27fee..c157e039b6 100644
--- a/php.ini-recommended
+++ b/php.ini-recommended
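Review bot: The risk list added above `session.use_trans_sid = 0` covers only leaks caused by the user (sharing a link, a shared computer, bookmarks) and leaves out the exposure that happens without any user action: a session ID carried in the URL is sent to other sites in the Referer header when a link is followed, and is recorded in proxy and web-server logs. I would add one more bullet, `; - URL that contains active session ID is sent to other sites in the` / `;   Referer header and is recorded in proxy and server logs.` The wording of the new lines also needs a pass: `via.` should be `via`, `publically` should be `publicly`, and `User may send URL contains` should read `User may send a URL that contains`. The same comment block is added to php.ini-recommended in the second hunk and needs the same changes.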
@@ -824,8 +824,14 @@ session.cache_limiter = nocache
 session.cache_expire = 180
 ; trans sid support is disabled by default.
-; Use of trans sid may risk your users security. It may not be
-; feasible to use this option for some sites. Use this option with caution.
+; Use of trans sid may risk your users security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publically accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
 session.use_trans_sid = 0
 url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
--
2.50.1