prevent mis-configured servers from leaking cookies

author: friendica <info@friendica.com> 2014-06-24 19:59:37 -0700
committer: friendica <info@friendica.com> 2014-06-24 19:59:37 -0700
commit: 423372c9642c10ab448e6209d7b3008993e5aa9d (patch)
tree: 1888ea4040ffb065305c84ee8718d513ea74c549 /boot.php
parent: ecd472b7bb2fb0a809c156cb47f4373ba0b8d286 (diff)
download: volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.gz
volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.bz2
volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/boot.php b/boot.php
index db2401847..c8b529d42 100755
--- a/boot.php
+++ b/boot.php
@@ -562,9 +562,17 @@ function startup() {
 	// Some hosting providers block/disable this
 	@set_time_limit(0);
 
-	// This has to be quite large to deal with embedded private photos
-	ini_set('pcre.backtrack_limit', 500000);
+	if(function_exists ('ini_set')) {
 
+		// This has to be quite large to deal with embedded private photos
+		@ini_set('pcre.backtrack_limit', 500000);
+
+		// Use cookies to store the session ID on the client side
+		@ini_set('session.use_only_cookies', 1);
+
+		// Disable transparent Session ID support
+		@ini_set('session.use_trans_sid',    0);
+	}
 
 	if (get_magic_quotes_gpc()) {
 		$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
author	friendica <info@friendica.com>	2014-06-24 19:59:37 -0700
committer	friendica <info@friendica.com>	2014-06-24 19:59:37 -0700
commit	423372c9642c10ab448e6209d7b3008993e5aa9d (patch)
tree	1888ea4040ffb065305c84ee8718d513ea74c549 /boot.php
parent	ecd472b7bb2fb0a809c156cb47f4373ba0b8d286 (diff)
download	volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.gz volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.tar.bz2 volse-hubzilla-423372c9642c10ab448e6209d7b3008993e5aa9d.zip