mirror of https://github.com/e107inc/e107.git synced 2025-01-17 20:58:30 +01:00

Issues #1254 #1208 #1211 #1245 Option to define the session.save_path (relative to e107's root directory) in e107_config.php: define('SESSION_SAVE_PATH','relative-path-to-folder');

example: define('SESSION_SAVE_PATH','../_sessions/');
Use the PHPInfo page in the admin area to check it has worked. Will only work if the path to the folder exists. session.hash_function is now set to sha512 by default when the security level is BALANCED or higher.
Cameron 2015-11-30 14:30:37 -08:00
parent b54b5bbe3d
commit 84c4c8607d
2 changed files with 21 additions and 0 deletions


@ -69,6 +69,13 @@ $security_risks = array(
// $phpinfo = preg_replace("#^.*<body>#is", "", $phpinfo);
ob_end_clean();
if(deftrue('e_DEBUG'))
{
$mes->addDebug("Session ID: ".session_id());
}
$ns->tablerender("PHPInfo", $mes->render(). $phpinfo);
require_once("footer.php");
?>
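Review bot: The added debug line writes the full `session_id()` into the rendered admin page, so whenever `e_DEBUG` is on a live session token ends up in HTML that can be captured in screenshots, saved pages or support pastes. The commit description sends admins to this page to confirm the new save path, so reporting that value is more useful and less sensitive: `$mes->addDebug("Session save path: ".session_save_path());`. If the ID is still wanted for troubleshooting, print only a short prefix such as `substr(session_id(), 0, 8)` rather than the whole token.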


@ -209,6 +209,20 @@ class e_session
$options['secure'] = e107::getPref('ssl_enabled', false); // FIXME - new pref
}
if(defined('SESSION_SAVE_PATH')) // safer than a pref.
{
$config['SavePath'] = e_BASE. SESSION_SAVE_PATH;
}
$hashes = hash_algos();
if((e_SECURITY_LEVEL >= self::SECURITY_LEVEL_BALANCED) && in_array('sha512',$hashes))
{
ini_set('session.hash_function', 'sha512');
ini_set('session.hash_bits_per_character', 5);
}
$this->setConfig($config)
->setOptions($options);
}
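Review bot: The `SESSION_SAVE_PATH` branch passes `e_BASE. SESSION_SAVE_PATH` into `$config['SavePath']` without checking that it resolves to an existing, writable directory, so a typo or missing folder presumably fails silently (the commit description itself notes it only works if the folder exists). A guard such as `$path = realpath(e_BASE.SESSION_SAVE_PATH); if($path !== false && is_dir($path) && is_writable($path)) { $config['SavePath'] = $path; }`, with a logged warning otherwise, would make the failure visible. The config comment should also say that the folder must sit outside the web-served tree or be denied to the web server, since session files hold authenticated state. Separately, both `ini_set()` calls ignore their return value, and `session.hash_function` / `session.hash_bits_per_character` were removed in PHP 7.1, so on newer runtimes this hardening does nothing without any notice. The enclosing method starts and ends outside the hunk.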