diff options
-rw-r--r-- | php.ini | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -1352,6 +1352,14 @@ session.save_handler = files ; for php-fpm, see /etc/php-fpm.d/*conf ;session.save_path = "/tmp" +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + ; Whether to use cookies. ; http://php.net/session.use-cookies session.use_cookies = 1 @@ -1431,7 +1439,7 @@ session.gc_maxlifetime = 1440 ; collection through a shell script, cron entry, or some other method. ; For example, the following script would is the equivalent of ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 | xargs rm +; find /path/to/sessions -cmin +24 -type f | xargs rm ; PHP 4.2 and less have an undocumented feature/bug that allows you to ; to initialize a session variable in the global scope. @@ -1593,7 +1601,7 @@ mssql.min_error_severity = 10 mssql.min_message_severity = 10 ; Compatibility mode with old versions of PHP 3.0. -mssql.compatability_mode = Off +mssql.compatibility_mode = Off ; Connect timeout ;mssql.connect_timeout = 5 @@ -1788,6 +1796,11 @@ ldap.max_links = -1 [dba] ;dba.default_handler= +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + ; Local Variables: ; tab-width: 4 ; End: |