On Fri, 2012-12-28 at 15:12 -0500, Robert Moskowitz wrote:
> >> So your little bit would have to change the cookie content so that the > >> browser is informed that this cookie is only > >> to be sent over a secure connection? Only way I see to stop this behavior > >> is for the cookie to be flagged. > > <Directory "/usr/share/roundcube"> > > php_admin_flag session.cookie_secure "1" > > <Directory> If you use multiple virtual hosts, you dont need to put it inside a directory, you can put it in between<virtualhost> ... </virtualhost> > > > > which is still explaind yesterday > > http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure > > Yes, I got that and now 'getting it'. Just nit-picking, you use "1" the > manual says boolean with the default of off, so just two ways of > representing boolean, numeric or label. In my way of thinking (hey, I > am dyslexic) labels reduce confusion because there is only off and on > (no maybes) while numeric raise a question of "2"...? This is because you are not talking directly to php, you are talking to httpd, and asking it to pass onto say mod_php, so it must be in a format that they talk to each other in. Like If you've ever tried to manipulate error reporting you'll know you cant use "php_admin_value error_reporting E_ALL & ~E_NOTICE & ~E_DEPRECATED" - which will fail, you need to use "php_admin_value error_reporting 22519" to get the actual effect of E_ALL & ~E_NOTICE & ~E_DEPRECATED.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Roundcube Users mailing list [email protected] http://lists.roundcube.net/mailman/listinfo/users
