| Date | Directory [filter] | File(s) [view] | Author [filter] |
| 26 Jul 2002 23:41:54 | postnuke_official/html/includes | pnSession.php,1.15.2.6,1.15.2.7 | Mike |
| drop cookie_domain & move referer_check to security high (for multiple complaints about lost sessions) | |||
Update of /home/cvsroot/postnuke_official/html/includes
In directory ns7.hostnuke.net:/tmp/cvs-serv18671
Modified Files:
Tag: PostNuke_71
pnSession.php
Log Message:
drop cookie_domain & move referer_check to security high (for multiple complaints about lost sessions)
Index: pnSession.php
===================================================================
RCS file: /home/cvsroot/postnuke_official/html/includes/pnSession.php,v
retrieving revision 1.15.2.6
retrieving revision 1.15.2.7
diff -C2 -d -r1.15.2.6 -r1.15.2.7
*** pnSession.php 6 Jul 2002 14:52:28 -0000 1.15.2.6
--- pnSession.php 26 Jul 2002 23:41:52 -0000 1.15.2.7
***************
*** 41,44 ****
--- 41,49 ----
$path = '/';
}
+ $host = $HTTP_SERVER_VARS['HTTP_HOST'];
+ if (empty($host)) {
+ $host = getenv('HTTP_HOST');
+ }
+ $host = preg_replace('/:.*/', '', $host);
// PHP configuration variables
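Review bot: `$host` is taken straight from the request's Host header (with a `getenv` fallback) and is not validated before it is used further down, so it should be treated as client-supplied text. The port strip `preg_replace('/:.*/', '', $host)` also cuts at the first colon, which reduces a bracketed IPv6 literal to `[`. Anchoring it to a trailing port avoids that: `$host = preg_replace('/:\d+$/', '', $host);`. Reading `$HTTP_SERVER_VARS['HTTP_HOST']` without an `isset()` test raises a notice when the header is absent. The enclosing function starts and ends outside this hunk.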
***************
*** 65,68 ****
--- 70,76 ----
// Session lasts duration of browser
$lifetime = 0;
+ // Referer check
+ //ini_set('session.referer_check', "$host$path");
+ ini_set('session.referer_check', "$host");
break;
case 'Medium':
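Review bot: In the `High` branch, `session.referer_check` is only a substring test on the Referer header, and PHP applies it only when the client sends a Referer at all. Because `$host` comes from the same request, the setting cannot be relied on as a session-protection control, and a comment should say so, e.g. `// substring match on the client-sent Referer; a missing Referer is not rejected`. The commented-out `"$host$path"` line should be deleted instead of left as dead code. The quotes around the variable are unnecessary: `ini_set('session.referer_check', $host);`. The surrounding `switch` continues outside the hunk.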
***************
*** 83,98 ****
// Cookie domain
! $domain = $HTTP_SERVER_VARS['HTTP_HOST'];
! if (empty($domain)) {
! $domain = getenv('HTTP_HOST');
! }
! $domain = preg_replace('/:.*/', '', $domain);
! ini_set('session.cookie_domain', $domain);
!
! // Referer check
! ini_set('session.referer_check', "$domain$path");
}
-
// Garbage collection
ini_set('session.gc_probability', 1);
--- 91,99 ----
// Cookie domain
! // only needed for multi-server multisites - adapt as needed
! //$domain = preg_replace('/^[^.]+/','',$host);
! //ini_set('session.cookie_domain', $domain);
}
// Garbage collection
ini_set('session.gc_probability', 1);
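Review bot: The commented-out template `//$domain = preg_replace('/^[^.]+/','',$host);` would, once enabled, build the cookie domain by stripping the first label from a Host-header value. For a two-label host that leaves only the top-level suffix, and in every case the cookie scope would follow whatever Host the client sent. Dropping `session.cookie_domain` itself is fine, since the cookie is then scoped to the issuing host only. The comment should steer administrators to a fixed value instead, e.g. `// only needed for multi-server multisites - set a fixed domain such as '.example.org' (constructed example), do not derive it from the request`. The block closed by `}` opens outside this hunk.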
***************
*** 470,472 ****
return true;
}
! ?>
\ No newline at end of file
--- 471,473 ----
return true;
}
! ?>