On 12/28/2012 11:37 PM, Noel Butler wrote:
On Fri, 2012-12-28 at 15:12 -0500, Robert Moskowitz wrote:
>> So your little bit would have to change the cookie content so that the
browser is informed that this cookie is only
>> to be sent over a secure connection? Only way I see to stop this behavior
is for the cookie to be flagged.
> <Directory "/usr/share/roundcube">
> php_admin_flag session.cookie_secure "1"
> <Directory>
If you use multiple virtual hosts, you dont need to put it inside a
directory, you can put it in between<virtualhost> ... </virtualhost>
The few servers I have, each virtual host has its own .conf file with
<virtualhost> ... </virtualhost> framework, so I don't see how I would
benefit this way, just have to include this line in each that uses SSL.
>
> which is still explaind yesterday
>http://php.net/manual/en/session.configuration.php#ini.session.cookie-secure
Yes, I got that and now 'getting it'. Just nit-picking, you use "1" the
manual says boolean with the default of off, so just two ways of
representing boolean, numeric or label. In my way of thinking (hey, I
am dyslexic) labels reduce confusion because there is only off and on
(no maybes) while numeric raise a question of "2"...?
This is because you are not talking directly to php, you are talking
to httpd, and asking it to pass onto say mod_php, so it must be in a
format that they talk to each other in.
Like If you've ever tried to manipulate error reporting you'll know
you cant use
"php_admin_value error_reporting E_ALL & ~E_NOTICE & ~E_DEPRECATED" -
which will fail, you need to use
"php_admin_value error_reporting 22519" to get the actual effect of
E_ALL & ~E_NOTICE & ~E_DEPRECATED.
I was kind of noticing this, as error reporting values are 0,1,4,8 and 2
not implemented yet. Kind of looks like a switch value being passed.
At first I saw this and thought, "and what have they deprecated? (We do
this a LOT in IETF when an option value gets deprecated, like DES and
RC4, we never reuse that value) Then I said, "ah binary!"
_______________________________________________
Roundcube Users mailing list
[email protected]
http://lists.roundcube.net/mailman/listinfo/users
