betz Fri Oct 25 13:07:40 2002 EDT
Modified files:
/phpdoc/en/reference/session ini.xml
Log:
varlist instead of simplelist
ensure the possibility to link to session settings
Index: phpdoc/en/reference/session/ini.xml
diff -u phpdoc/en/reference/session/ini.xml:1.6 phpdoc/en/reference/session/ini.xml:1.7
--- phpdoc/en/reference/session/ini.xml:1.6 Fri Oct 4 11:47:37 2002
+++ phpdoc/en/reference/session/ini.xml Fri Oct 25 13:07:40 2002
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="iso-8859-1"?>
-<!-- $Revision: 1.6 $ -->
+<!-- $Revision: 1.7 $ -->
<section id="session.configuration">
&reftitle.runtime;
&extension.runtime;
@@ -130,220 +130,353 @@
For further details and definition of the PHP_INI_* constants see
<function>ini_set</function>.
</para>
- <para>
- The session management system supports a number of configuration
- options which you can place in your &php.ini; file. We will give a
- short overview.
- <itemizedlist>
- <listitem>
- <simpara>
- <literal>session.save_handler</literal> defines the name of the
- handler which is used for storing and retrieving data
- associated with a session. Defaults to
- <literal>files</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.save_path</literal> defines the argument which
- is passed to the save handler. If you choose the default files
- handler, this is the path where the files are created.
- Defaults to <literal>/tmp</literal>. If
- <literal>session.save_path</literal>'s path depth is more than
- 2, garbage collection will not be performed.
- </simpara>
- <warning>
- <para>
- If you leave this set to a world-readable directory, such as
- <filename>/tmp</filename> (the default), other users on the
- server may be able to hijack sessions by getting the list of
- files in that directory.
- </para>
- </warning>
- <note>
- <simpara>
- Windows users have to change this variable in order to use PHP's
- session functions. Make sure to specify a valid path, e.g.:
- <filename>c:/temp</filename>.
- </simpara>
- </note>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.name</literal> specifies the name of the
- session which is used as cookie name. It should only contain
- alphanumeric characters. Defaults to
- <literal>PHPSESSID</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.auto_start</literal> specifies whether the
- session module starts a session automatically on request
- startup. Defaults to <literal>0</literal> (disabled).
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.cookie_lifetime</literal> specifies the lifetime of
- the cookie in seconds which is sent to the browser. The value 0
- means "until the browser is closed." Defaults to
- <literal>0</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.serialize_handler</literal> defines the name
- of the handler which is used to serialize/deserialize
- data. Currently, a PHP internal format (name
- <literal>php</literal>) and WDDX is supported (name
- <literal>wddx</literal>). WDDX is only available, if PHP is
- compiled with <link linkend="ref.wddx">WDDX
- support</link>. Defaults to <literal>php</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.gc_probability</literal> specifies the
- probability that the gc (garbage collection) routine is started
- on each request in percent. Defaults to <literal>1</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.gc_maxlifetime</literal> specifies the number
- of seconds after which data will be seen as 'garbage' and
- cleaned up.
- </simpara>
- <note>
- <simpara>If you are using the default file-based session handler, your
- filesystem must keep track of access times (atime). Windows FAT does
- not so you will have to come up with another way to handle garbage
- collecting your session if you are stuck with a FAT filesystem or any
- other fs where atime tracking is not available.
- </simpara>
- </note>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.referer_check</literal> contains the
- substring you want to check each HTTP Referer for. If the
- Referer was sent by the client and the substring was not
- found, the embedded session id will be marked as invalid.
- Defaults to the empty string.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.entropy_file</literal> gives a path to an
- external resource (file) which will be used as an additional
- entropy source in the session id creation process. Examples are
- <literal>/dev/random</literal> or
- <literal>/dev/urandom</literal> which are available on many
- Unix systems.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.entropy_length</literal> specifies the number
- of bytes which will be read from the file specified
- above. Defaults to <literal>0</literal> (disabled).
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.use_cookies</literal> specifies whether the
- module will use cookies to store the session id on the client
- side. Defaults to <literal>1</literal> (enabled).
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.use_only_cookies</literal> specifies whether
- the module will <emphasis role="strong">only</emphasis> use
- cookies to store the session id on the client side. Defaults
- to <literal>0</literal> (disabled, for backward compatibility).
- Enabling this setting prevents attacks involved passing session
- ids in URLs. This setting was added in <literal>PHP</literal>
- 4.3.0.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.cookie_path</literal> specifies path to set
- in session_cookie. Defaults to <literal>/</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.cookie_domain</literal> specifies domain to
- set in session_cookie. Default is none at all.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.cache_limiter</literal> specifies cache
- control method to use for session pages
- (none/nocache/private/private_no_expire/public). Defaults to
- <literal>nocache</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.cache_expire</literal> specifies time-to-live
- for cached session pages in minutes, this has no effect for
- nocache limiter. Defaults to <literal>180</literal>.
- </simpara>
- </listitem>
- <listitem>
- <simpara>
- <literal>session.use_trans_sid</literal> whether transparent
- sid support is enabled or not. Defaults to
- <literal>0</literal> (disabled).
- </simpara>
- <note>
- <simpara>
- For PHP 4.1.2 or less, it is enabled by compiling with
- <link linkend="install.configure.enable-trans-sid">
- <literal>--enable-trans-sid</literal></link>.
- From PHP 4.2.0, trans-sid feature is always compiled.
- </simpara>
- <simpara>
- URL based session management has additional security risks
- compared to cookie based session management. Users may send
- an URL that contains an active session ID to their friends by
- email or users may save an URL that contains a session ID to
- their bookmarks and access your site with the same session ID
- always, for example.
- </simpara>
- </note>
- </listitem>
- <listitem>
- <simpara>
- <literal>url_rewriter.tags</literal> specifies which html tags
- are rewritten to include session id if transparent sid support
- is enabled. Defaults to
- <literal>a=href,area=href,frame=src,input=src,form=fakeentry</literal>
- </simpara>
- </listitem>
- </itemizedlist>
- </para>
- <para>
- The <link
- linkend="ini.track-vars"><literal>track_vars</literal></link> and
- <link
- linkend="ini.register-globals"><literal>register_globals</literal></link>
- configuration settings influence how the session variables get
- stored and restored.
- </para>
+ <para>
+ The session management system supports a number of configuration
+ options which you can place in your &php.ini; file. We will give a
+ short overview.
+ <variablelist>
- <note>
+ <varlistentry id="ini.session.save-handler">
+ <term>
+ <parameter>session.save_handler</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.save_handler</literal> defines the name of the
+ handler which is used for storing and retrieving data
+ associated with a session. Defaults to
+ <literal>files</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.save-path">
+ <term>
+ <parameter>session.save_path</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.save_path</literal> defines the argument which
+ is passed to the save handler. If you choose the default files
+ handler, this is the path where the files are created.
+ Defaults to <literal>/tmp</literal>. If
+ <literal>session.save_path</literal>'s path depth is more than
+ 2, garbage collection will not be performed.
+ </simpara>
+ <warning>
<para>
- As of PHP 4.0.3, <link
- linkend="ini.track-vars"><literal>track_vars</literal></link> is
- always turned on.
+ If you leave this set to a world-readable directory, such as
+ <filename>/tmp</filename> (the default), other users on the
+ server may be able to hijack sessions by getting the list of
+ files in that directory.
</para>
+ </warning>
+ <note>
+ <simpara>
+ Windows users have to change this variable in order to use PHP's
+ session functions. Make sure to specify a valid path, e.g.:
+ <filename>c:/temp</filename>.
+ </simpara>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.name">
+ <term>
+ <parameter>session.name</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.name</literal> specifies the name of the
+ session which is used as cookie name. It should only contain
+ alphanumeric characters. Defaults to <literal>PHPSESSID</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.auto-start">
+ <term>
+ <parameter>session.auto_start</parameter>
+ <type>boolean</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.auto_start</literal> specifies whether the
+ session module starts a session automatically on request
+ startup. Defaults to <literal>0</literal> (disabled).
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.cookie-lifetime">
+ <term>
+ <parameter>session.cookie_lifetime</parameter>
+ <type>integer</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.cookie_lifetime</literal> specifies the lifetime of
+ the cookie in seconds which is sent to the browser. The value 0
+ means "until the browser is closed." Defaults to
+ <literal>0</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.serialize-handler">
+ <term>
+ <parameter>session.serialize_handler</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.serialize_handler</literal> defines the name
+ of the handler which is used to serialize/deserialize
+ data. Currently, a PHP internal format (name
+ <literal>php</literal>) and WDDX is supported (name
+ <literal>wddx</literal>). WDDX is only available, if PHP is
+ compiled with <link linkend="ref.wddx">WDDX
+ support</link>. Defaults to <literal>php</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.gc-probability">
+ <term>
+ <parameter>session.gc_probability</parameter>
+ <type>integer</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.gc_probability</literal> specifies the
+ probability that the gc (garbage collection) routine is started
+ on each request in percent. Defaults to <literal>1</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.gc-maxlifetime">
+ <term>
+ <parameter>session.gc_maxlifetime</parameter>
+ <type>integer</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.gc_maxlifetime</literal> specifies the number
+ of seconds after which data will be seen as 'garbage' and
+ cleaned up.
+ </simpara>
+ <note>
+ <simpara>If you are using the default file-based session handler, your
+ filesystem must keep track of access times (atime). Windows FAT does
+ not so you will have to come up with another way to handle garbage
+ collecting your session if you are stuck with a FAT filesystem or any
+ other fs where atime tracking is not available.
+ </simpara>
+ </note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.referer-check">
+ <term>
+ <parameter>session.referer_check</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.referer_check</literal> contains the
+ substring you want to check each HTTP Referer for. If the
+ Referer was sent by the client and the substring was not
+ found, the embedded session id will be marked as invalid.
+ Defaults to the empty string.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.entropy-file">
+ <term>
+ <parameter>session.entropy_file</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.entropy_file</literal> gives a path to an
+ external resource (file) which will be used as an additional
+ entropy source in the session id creation process. Examples are
+ <literal>/dev/random</literal> or <literal>/dev/urandom</literal>
+ which are available on many Unix systems.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.entropy-length">
+ <term>
+ <parameter>session.entropy_length</parameter>
+ <type>integer</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.entropy_length</literal> specifies the number
+ of bytes which will be read from the file specified
+ above. Defaults to <literal>0</literal> (disabled).
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.use-cookies">
+ <term>
+ <parameter>session.use_cookies</parameter>
+ <type>boolean</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.use_cookies</literal> specifies whether the
+ module will use cookies to store the session id on the client
+ side. Defaults to <literal>1</literal> (enabled).
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.use-only_cookies">
+ <term>
+ <parameter>session.use_only_cookies</parameter>
+ <type>boolean</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.use_only_cookies</literal> specifies whether
+ the module will <emphasis role="strong">only</emphasis> use
+ cookies to store the session id on the client side. Defaults
+ to <literal>0</literal> (disabled, for backward compatibility).
+ Enabling this setting prevents attacks involved passing session
+ ids in URLs. This setting was added in <literal>PHP</literal>
+ 4.3.0.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.cookie-path">
+ <term>
+ <parameter>session.cookie_path</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.cookie_path</literal> specifies path to set
+ in session_cookie. Defaults to <literal>/</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.cookie-domain">
+ <term>
+ <parameter>session.cookie_domain</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.cookie_domain</literal> specifies domain to
+ set in session_cookie. Default is none at all.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.cache-limiter">
+ <term>
+ <parameter>session.cache_limiter</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.cache_limiter</literal> specifies cache
+ control method to use for session pages
+ (none/nocache/private/private_no_expire/public). Defaults to
+ <literal>nocache</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry id="ini.session.cache-expire">
+ <term>
+ <parameter>session.cache_expire</parameter>
+ <type>integer</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.cache_expire</literal> specifies time-to-live
+ for cached session pages in minutes, this has no effect for
+ nocache limiter. Defaults to <literal>180</literal>.
+ </simpara>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.session.use-trans_sid">
+ <term>
+ <parameter>session.use_trans_sid</parameter>
+ <type>boolean</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>session.use_trans_sid</literal> whether transparent
+ sid support is enabled or not. Defaults to
+ <literal>0</literal> (disabled).
+ </simpara>
+ <note>
+ <simpara>
+ For PHP 4.1.2 or less, it is enabled by compiling with
+ <link linkend="install.configure.enable-trans-sid">
+ <literal>--enable-trans-sid</literal></link>.
+ From PHP 4.2.0, trans-sid feature is always compiled.
+ </simpara>
+ <simpara>
+ URL based session management has additional security risks
+ compared to cookie based session management. Users may send
+ an URL that contains an active session ID to their friends by
+ email or users may save an URL that contains a session ID to
+ their bookmarks and access your site with the same session ID
+ always, for example.
+ </simpara>
</note>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry id="ini.url-rewriter.tags">
+ <term>
+ <parameter>url_rewriter.tags</parameter>
+ <type>string</type>
+ </term>
+ <listitem>
+ <simpara>
+ <literal>url_rewriter.tags</literal> specifies which html tags
+ are rewritten to include session id if transparent sid support
+ is enabled. Defaults to
+ <literal>a=href,area=href,frame=src,input=src,form=fakeentry</literal>
+ </simpara>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </para>
+
+ <para>
+ The <link
+ linkend="ini.track-vars"><literal>track_vars</literal></link> and
+ <link
+ linkend="ini.register-globals"><literal>register_globals</literal></link>
+ configuration settings influence how the session variables get
+ stored and restored.
+ </para>
+
+ <note>
+ <para>
+ As of PHP 4.0.3, <link
+ linkend="ini.track-vars"><literal>track_vars</literal></link> is
+ always turned on.
+ </para>
+ </note>
</section>
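Review bot: two of the new ids, `ini.session.use-only_cookies` and `ini.session.use-trans_sid`, keep an underscore, while every other entry in this hunk maps underscores in the setting name to hyphens (`ini.session.save-path`, `ini.session.cookie-lifetime`, `ini.session.gc-maxlifetime`). The log message says the purpose is to make the settings linkable, so a `linkend` written to the usual pattern would miss exactly these two entries, which are the two that carry the URL-based session id security guidance. Suggest `ini.session.use-only-cookies` and `ini.session.use-trans-sid`. Two smaller points while the text is being moved: there are two blank lines before the `ini.session.cache-expire` entry where the other entries have one, and the carried-over sentence "prevents attacks involved passing session ids in URLs" should read "involving".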
--
PHP Documentation Mailing List (http://www.php.net/)