From 423372c9642c10ab448e6209d7b3008993e5aa9d Mon Sep 17 00:00:00 2001
From: friendica
Date: Tue, 24 Jun 2014 19:59:37 -0700
Subject: prevent mis-configured servers from leaking cookies
---
 boot.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/boot.php b/boot.php
index db2401847..c8b529d42 100755
--- a/boot.php
+++ b/boot.php
@@ -562,9 +562,17 @@ function startup() {
 // Some hosting providers block/disable this
 @set_time_limit(0);
- // This has to be quite large to deal with embedded private photos
- ini_set('pcre.backtrack_limit', 500000);
+ if(function_exists ('ini_set')) {
+ // This has to be quite large to deal with embedded private photos
+ @ini_set('pcre.backtrack_limit', 500000);
+
+ // Use cookies to store the session ID on the client side
+ @ini_set('session.use_only_cookies', 1);
+
+ // Disable transparent Session ID support
+ @ini_set('session.use_trans_sid', 0);
+ }
 if (get_magic_quotes_gpc()) {
 $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
--
cgit v1.2.3
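Review bot: The two session settings fail open. If `ini_set` is unavailable the whole `if(function_exists ('ini_set'))` block is skipped, and if a call is refused the `@` hides the warning, so on the mis-configured hosts this commit is aimed at `session.use_trans_sid` can stay enabled and session IDs keep appearing in URLs with nothing recorded. Read the effective values back after the block and report a mismatch, for example `if (ini_get('session.use_trans_sid') || !ini_get('session.use_only_cookies')) { error_log('session.use_trans_sid / session.use_only_cookies could not be enforced; session IDs may be exposed in URLs'); }`. These directives presumably need to be applied before the session is started; where the session is opened is not visible here, so that ordering should be confirmed. The body of startup() begins before and continues past this hunk.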