Xaraya / Postnuke CVS Notices - Message

Note: this list is kept only as a demonstration for CVSNotice. For the latest CVS notices, see the Xaraya and Postnuke sites

View Statistics - Next Notice - Previous Notice

Directory filter : [ all ] / postnuke_official / html / includes [ view in CVS ]

Date Directory [filter] File(s) [view] Author [filter]
26 Jul 2002 23:41:54postnuke_official/html/includespnSession.php,1.15.2.6,1.15.2.7Mike
 drop cookie_domain & move referer_check to security high (for multiple complaints about lost sessions)

Update of /home/cvsroot/postnuke_official/html/includes
In directory ns7.hostnuke.net:/tmp/cvs-serv18671

Modified Files:
      Tag: PostNuke_71
	pnSession.php 
Log Message:
drop cookie_domain & move referer_check to security high (for multiple complaints about lost sessions)


Index: pnSession.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/includes/pnSession.php,v
retrieving revision 1.15.2.6
retrieving revision 1.15.2.7
diff -C2 -d -r1.15.2.6 -r1.15.2.7
*** pnSession.php	6 Jul 2002 14:52:28 -0000	1.15.2.6
--- pnSession.php	26 Jul 2002 23:41:52 -0000	1.15.2.7
***************
*** 41,44 ****
--- 41,49 ----
          $path = '/';
      }
+     $host = $HTTP_SERVER_VARS['HTTP_HOST'];
+     if (empty($host)) {
+         $host = getenv('HTTP_HOST');
+     }
+     $host = preg_replace('/:.*/', '', $host);
  
      // PHP configuration variables
***************
*** 65,68 ****
--- 70,76 ----
              // Session lasts duration of browser
              $lifetime = 0;
+             // Referer check
+             //ini_set('session.referer_check', "$host$path");
+             ini_set('session.referer_check', "$host");
              break;
          case 'Medium':
***************
*** 83,98 ****
  
          // Cookie domain
!         $domain = $HTTP_SERVER_VARS['HTTP_HOST'];
!         if (empty($domain)) {
!             $domain = getenv('HTTP_HOST');
!         }
!         $domain = preg_replace('/:.*/', '', $domain);
!         ini_set('session.cookie_domain', $domain);
! 
!         // Referer check
!         ini_set('session.referer_check', "$domain$path");
      }
  
- 
      // Garbage collection
      ini_set('session.gc_probability', 1);
--- 91,99 ----
  
          // Cookie domain
!         // only needed for multi-server multisites - adapt as needed
!         //$domain = preg_replace('/^[^.]+/','',$host);
!         //ini_set('session.cookie_domain', $domain);
      }
  
      // Garbage collection
      ini_set('session.gc_probability', 1);
***************
*** 470,472 ****
      return true;
  }
! ?>
\ No newline at end of file
--- 471,473 ----
      return true;
  }
! ?>


Directory filter : [ all ] / postnuke_official / html / includes [ view in CVS ]

View Statistics - Next Notice - Previous Notice


Visit Developer Site - Browse CVS Repository Syndicate via backend.rss
(max. once per hour please)
Powered by CVSNotice 0.1.3