Issues #1254 #1208 #1211 #1245 Option to define the session.save_path (relative to e107's root directory) in e107_config.php: define('SESSION_SAVE_PATH','relative-path-to-folder');

example: define('SESSION_SAVE_PATH','../_sessions/'); Use the PHPInfo page in the admin area to check it has worked. Will only work if the path to the folder exists. session.hash_function is now set to sha512 by default when the security level is BALANCED or higher.
2025-01-17 20:58:30 +01:00 · 2015-11-30 14:30:37 -08:00 · 2015-11-30 14:30:37 -08:00 · 84c4c8607d
commit 84c4c8607d
parent b54b5bbe3d
2 changed files with 21 additions and 0 deletions
--- a/e107_admin/phpinfo.php
+++ b/e107_admin/phpinfo.php
@ -69,6 +69,13 @@ $security_risks = array(

 // $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
 ob_end_clean();
+
+
+if(deftrue('e_DEBUG'))
+{
+	$mes->addDebug("Session ID: ".session_id());
+}
+
 $ns->tablerender("PHPInfo", $mes->render(). $phpinfo);
 require_once("footer.php");
 ?>
--- a/e107_handlers/session_handler.php
+++ b/e107_handlers/session_handler.php
@ -208,6 +208,20 @@ class e_session
 				$options['path'] = e107::getPref('session_cookie_path', ''); // FIXME - new pref
 				$options['secure'] = e107::getPref('ssl_enabled', false); // FIXME - new pref
 			}
+
+			if(defined('SESSION_SAVE_PATH')) // safer than a pref.
+			{
+				$config['SavePath'] = e_BASE. SESSION_SAVE_PATH;
+			}
+
+			$hashes = hash_algos();
+
+			if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes))
+			{
+				ini_set('session.hash_function', 'sha512');
+				ini_set('session.hash_bits_per_character', 5);
+			}
+
 			
 			$this->setConfig($config)
 				->setOptions($options);