Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites
View Statistics - Next Notice - Previous NoticeDirectory filter : [ all ] / postnuke_official / html / includes [ view in CVS ]
Date | Directory [filter] | File(s) [view] | Author [filter] |
26 Jul 2002 23:41:54 | postnuke_official/html/includes | pnSession.php,1.15.2.6,1.15.2.7 | Mike |
drop cookie_domain & move referer_check to security high (for multiple complaints about lost sessions) |
Update of /home/cvsroot/postnuke_official/html/includes In directory ns7.hostnuke.net:/tmp/cvs-serv18671 Modified Files: Tag: PostNuke_71 pnSession.php Log Message: drop cookie_domain & move referer_check to security high (for multiple complaints about lost sessions) Index: pnSession.php =================================================================== RCS file: /home/cvsroot/postnuke_official/html/includes/pnSession.php,v retrieving revision 1.15.2.6 retrieving revision 1.15.2.7 diff -C2 -d -r1.15.2.6 -r1.15.2.7 *** pnSession.php 6 Jul 2002 14:52:28 -0000 1.15.2.6 --- pnSession.php 26 Jul 2002 23:41:52 -0000 1.15.2.7 *************** *** 41,44 **** --- 41,49 ---- $path = '/'; } + $host = $HTTP_SERVER_VARS['HTTP_HOST']; + if (empty($host)) { + $host = getenv('HTTP_HOST'); + } + $host = preg_replace('/:.*/', '', $host); // PHP configuration variables *************** *** 65,68 **** --- 70,76 ---- // Session lasts duration of browser $lifetime = 0; + // Referer check + //ini_set('session.referer_check', "$host$path"); + ini_set('session.referer_check', "$host"); break; case 'Medium': *************** *** 83,98 **** // Cookie domain ! $domain = $HTTP_SERVER_VARS['HTTP_HOST']; ! if (empty($domain)) { ! $domain = getenv('HTTP_HOST'); ! } ! $domain = preg_replace('/:.*/', '', $domain); ! ini_set('session.cookie_domain', $domain); ! ! // Referer check ! ini_set('session.referer_check', "$domain$path"); } - // Garbage collection ini_set('session.gc_probability', 1); --- 91,99 ---- // Cookie domain ! // only needed for multi-server multisites - adapt as needed ! //$domain = preg_replace('/^[^.]+/','',$host); ! //ini_set('session.cookie_domain', $domain); } // Garbage collection ini_set('session.gc_probability', 1); *************** *** 470,472 **** return true; } ! ?> \ No newline at end of file --- 471,473 ---- return true; } ! ?>
View Statistics - Next Notice - Previous Notice
Visit Developer Site - Browse CVS Repository |
Syndicate via backend.rss (max. once per hour please) | Powered by CVSNotice 0.1.3 |