Merge branch 'PHP-5.5'

* PHP-5.5: Add session.use_strict_mode description to php.ini-*
author: Yasuo Ohgaki <yohgaki@php.net> 2013-08-20 18:30:46 +0900
committer: Yasuo Ohgaki <yohgaki@php.net> 2013-08-20 18:30:46 +0900
commit: 8da7aa7e4189f0be434b7c936840429302e021b6 (patch)
tree: 46abbac3ecc21f70ae725a402a95f555f0fa55a4 /php.ini-production
parent: 117bd0848a556b09c917bb7511c328ca46f139ca (diff)
parent: 4cd9796be78bfb1cc88b5ed71cbd61e56937b8e7 (diff)
download: php-git-8da7aa7e4189f0be434b7c936840429302e021b6.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/php.ini-production b/php.ini-production
index 817dd5cc4d..33d8bb635a 100644
--- a/php.ini-production
+++ b/php.ini-production
@@ -1401,6 +1401,14 @@ session.save_handler = files
 ; http://php.net/session.save-path
 ;session.save_path = "/tmp"
 
+; Whether to use strict session mode.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
 ; Whether to use cookies.
 ; http://php.net/session.use-cookies
 session.use_cookies = 1
author	Yasuo Ohgaki <yohgaki@php.net>	2013-08-20 18:30:46 +0900
committer	Yasuo Ohgaki <yohgaki@php.net>	2013-08-20 18:30:46 +0900
commit	8da7aa7e4189f0be434b7c936840429302e021b6 (patch)
tree	46abbac3ecc21f70ae725a402a95f555f0fa55a4 /php.ini-production
parent	117bd0848a556b09c917bb7511c328ca46f139ca (diff)
parent	4cd9796be78bfb1cc88b5ed71cbd61e56937b8e7 (diff)
download	php-git-8da7aa7e4189f0be434b7c936840429302e021b6.tar.gz