In a default PHP configuration, these are both true/enabled. We now set these explicitly in case the user's configuration deviates from the required values. This also solves an installation issue where some users can't advance to step 2.

git-svn-id: http://dev.piwik.org/svn/trunk@2621 59fd770c-687e-43c8-a1e3-f5a4ff64c105
author: robocoder <anthon.pang@gmail.com> 2010-07-21 20:38:12 +0400
committer: robocoder <anthon.pang@gmail.com> 2010-07-21 20:38:12 +0400
commit: e31c3ab85b2e6eef36b188a19b71160fdae3c84b (patch)
tree: be9f5cfa131cb69545be8d461f41c910818694cb /core/Session.php
parent: 92bc93d8b3710b7212cfccc37eeaaad7affbe75c (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/core/Session.php b/core/Session.php
index 490e1b2ce5..515cd8ec25 100644
--- a/core/Session.php
+++ b/core/Session.php
@@ -19,6 +19,12 @@ class Piwik_Session extends Zend_Session
 {
     public static function start($options = false)
 	{
+		// use cookies to store session id on the client side
+		@ini_set('session.use_cookies', '1');
+
+		// prevent attacks involving session ids passed in URLs
+		@ini_set('session.use_only_cookies', '1');
+
 		// don't use the default: PHPSESSID
 		$sessionName = defined('PIWIK_SESSION_NAME') ? PIWIK_SESSION_NAME : 'PIWIK_SESSID';
 		@ini_set('session.name', $sessionName);
author	robocoder <anthon.pang@gmail.com>	2010-07-21 20:38:12 +0400
committer	robocoder <anthon.pang@gmail.com>	2010-07-21 20:38:12 +0400
commit	e31c3ab85b2e6eef36b188a19b71160fdae3c84b (patch)
tree	be9f5cfa131cb69545be8d461f41c910818694cb /core/Session.php
parent	92bc93d8b3710b7212cfccc37eeaaad7affbe75c (diff)