prevent mis-configured servers from leaking cookies

2014-06-24 19:59:37 -07:00 · 2014-06-24 19:59:37 -07:00 · 423372c964
commit 423372c964
parent ecd472b7bb
1 changed files with 10 additions and 2 deletions
--- a/boot.php
+++ b/boot.php
@ -562,9 +562,17 @@ function startup() {
 	// Some hosting providers block/disable this
 	@set_time_limit(0);

-	// This has to be quite large to deal with embedded private photos
-	ini_set('pcre.backtrack_limit', 500000);
+	if(function_exists ('ini_set')) {

+		// This has to be quite large to deal with embedded private photos
+		@ini_set('pcre.backtrack_limit', 500000);
+
+		// Use cookies to store the session ID on the client side
+		@ini_set('session.use_only_cookies', 1);
+
+		// Disable transparent Session ID support
+		@ini_set('session.use_trans_sid',    0);
+	}

 	if (get_magic_quotes_gpc()) {
 		$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);