fixes #945 - Piwik sets the session.name to 'PIWIK_SESSID'; define('PIWIK_SESSION_NAME', ...) in bootstrap.php to override; session namespaces now prefixed by Piwik_. We regenerate session ID at login/logout to mitigate session fixation attacks.

git-svn-id: http://dev.piwik.org/svn/trunk@1460 59fd770c-687e-43c8-a1e3-f5a4ff64c105
author: robocoder <anthon.pang@gmail.com> 2009-09-08 21:17:56 +0400
committer: robocoder <anthon.pang@gmail.com> 2009-09-08 21:17:56 +0400
commit: 351d292235024f2b939d3a4275f9e991361c4e81 (patch)
tree: 7bc8cdd12bf07c5306d8882751e43bfbceaa0e9c /index.php
parent: db22820373cb972f89b77b5a1c83209ecd67efea (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/index.php b/index.php
index e613bb7741..01529119bf 100644
--- a/index.php
+++ b/index.php
@@ -14,6 +14,11 @@ if(file_exists('bootstrap.php'))
 	require_once 'bootstrap.php';
 }
 
+if(!defined('PIWIK_SESSION_NAME'))
+{
+	define('PIWIK_SESSION_NAME', 'PIWIK_SESSID');
+}
+@ini_set('session.name', PIWIK_SESSION_NAME);
 error_reporting(E_ALL|E_NOTICE);
 if(!defined('PIWIK_DISPLAY_ERRORS') || PIWIK_DISPLAY_ERRORS)
 {
author	robocoder <anthon.pang@gmail.com>	2009-09-08 21:17:56 +0400
committer	robocoder <anthon.pang@gmail.com>	2009-09-08 21:17:56 +0400
commit	351d292235024f2b939d3a4275f9e991361c4e81 (patch)
tree	7bc8cdd12bf07c5306d8882751e43bfbceaa0e9c /index.php
parent	db22820373cb972f89b77b5a1c83209ecd67efea (diff)