On Sun, 2008-07-13 at 23:14 +0200, Sigurd Nes wrote:
> Hi all,
> 
> The new session handler in trunk has all necessary meta-data about the session
> embedded in the session itself.
> 
> If suhosin - the Hardened-PHP Project - is enabled, the session data is encrypted
> and the list sessions feature cannot be used.
> 
> I think the list session is useful for tracking users in case of remote problem
> solving.
> 
> How about re-enabling the meta information un-encrypted outside the session data
> so it is available to the list session?
> 
> This also affects the count of current users.

Security always comes at a cost.

If people really need this functionality it can be documented and those
users can either disable suhosin or use db sessions.  I fail to see what
benefit it brings for the overhead involved.

btw you can get the current session count by using a unique path for
storing the session files.

Cheers

Dave



_______________________________________________
phpGroupWare-developers mailing list
phpGroupWare-developers@gnu.org
http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
