diff options
author | robocoder <anthon.pang@gmail.com> | 2010-07-21 20:38:12 +0400 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2010-07-21 20:38:12 +0400 |
commit | e31c3ab85b2e6eef36b188a19b71160fdae3c84b (patch) | |
tree | be9f5cfa131cb69545be8d461f41c910818694cb /core/Session.php | |
parent | 92bc93d8b3710b7212cfccc37eeaaad7affbe75c (diff) |
In a default PHP configuration, these are both true/enabled. We now set these explicitly in case the user's configuration deviates from the required values. This also solves an installation issue where some users can't advance to step 2.
git-svn-id: http://dev.piwik.org/svn/trunk@2621 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'core/Session.php')
-rw-r--r-- | core/Session.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/Session.php b/core/Session.php index 490e1b2ce5..515cd8ec25 100644 --- a/core/Session.php +++ b/core/Session.php @@ -19,6 +19,12 @@ class Piwik_Session extends Zend_Session { public static function start($options = false) { + // use cookies to store session id on the client side + @ini_set('session.use_cookies', '1'); + + // prevent attacks involving session ids passed in URLs + @ini_set('session.use_only_cookies', '1'); + // don't use the default: PHPSESSID $sessionName = defined('PIWIK_SESSION_NAME') ? PIWIK_SESSION_NAME : 'PIWIK_SESSID'; @ini_set('session.name', $sessionName); |