#5605: session.referer_check PHP ini var should be decoupled from 'High' and
'Medium' Session Security levels
-------------------------------------------+--------------------------------
    Reporter:  Alexbw                      |         Owner:                
        Type:  Enhancement                 |        Status:  new           
    Priority:  Medium                      |     Milestone:  1.2.x.x       
   Component:  Session                     |       Version:  RC3           
    Severity:  Normal                      |    Resolution:                
    Keywords:  session, referer, security  |   Php_version:  PHP 4 >= 4.3.2
Cake_version:                              |  
-------------------------------------------+--------------------------------
Comment (by pearj):

 Step 9 of this issue was fixed in: [7874]

 However I would still like to disable the referer_check but still be in
 high security mode so that it uses cookies that only last for the browser
 session.

 It could be fixed easily enough by adding another security mode like so:

 {{{
 switch ($this->security) {
         case 'high':
             if ($iniSet) {
                 ini_set('session.referer_check', $this->host);
             }
             // no break: 'high' falls through and also gets the session-only cookie
         case 'highNoRefererCheck':
             $this->cookieLifeTime = 0;
 }}}

 Or a completely separate configuration item.

 Vote +1 !

-- 
Ticket URL: <https://trac.cakephp.org/ticket/5605#comment:1>
CakePHP : The Rapid Development Framework for PHP <https://trac.cakephp.org/>
Cake is a rapid development framework for PHP which uses commonly known design 
patterns like ActiveRecord, Association Data Mapping, Front Controller and MVC. 
Our primary goal is to provide a structured framework that enables PHP users at 
all levels to rapidly develop robust web applications, without any loss to 
flexibility.