Commit: 4cd9796be78bfb1cc88b5ed71cbd61e56937b8e7 Author: Yasuo Ohgaki <yohg...@php.net> Tue, 20 Aug 2013 18:30:30 +0900 Parents: 36122c74a200db65cfa815d183716e38587c4c85 Branches: PHP-5.5
Link: http://git.php.net/?p=php-src.git;a=commitdiff;h=4cd9796be78bfb1cc88b5ed71cbd61e56937b8e7 Log: Add session.use_strict_mode description to php.ini-* Changed paths: M php.ini-development M php.ini-production Diff: diff --git a/php.ini-development b/php.ini-development index 7197dae..43ab1de 100644 --- a/php.ini-development +++ b/php.ini-development @@ -1398,6 +1398,14 @@ session.save_handler = files ; http://php.net/session.save-path ;session.save_path = "/tmp" +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + ; Whether to use cookies. ; http://php.net/session.use-cookies session.use_cookies = 1 diff --git a/php.ini-production b/php.ini-production index 5590d2c..0014c4e 100644 --- a/php.ini-production +++ b/php.ini-production @@ -1398,6 +1398,14 @@ session.save_handler = files ; http://php.net/session.save-path ;session.save_path = "/tmp" +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + ; Whether to use cookies. ; http://php.net/session.use-cookies session.use_cookies = 1 -- PHP CVS Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
