[Phplib-users] new Session4 changes
From: Maxim D. <max...@bo...> - 2002-11-26 17:56:12
Hello friends,
Just made some additions to the session4.inc in the current CVS
(php-lib).
First, incorporated all the changes from php-lib-stable version.
Second, changed some strings there, performance-wise - trashed repeated
ini_get('register_globals') calls (moved the single one to the
constructor) and cleaned up some hacks with 'global' & eval.
Third, and most significant. Added a workaround for the vulnerability,
addressed by Giancarlo several times. Please, look at this and test it
properly - with cookies and without, reg-globals on/off. It should
solve the session hijacking problem. See comments for details.
Look forward to your feedback urgently.
NOTE - it's in the php-lib repository, not php-lib-stable.
Bye for now.
--
Best regards,
Maxim Derkachev mailto:max...@bo...
IT manager,
Symbol-Plus Publishing Ltd.
phone: +7 (812) 324-53-53
www.books.ru, www.symbol.ru