-rw-r--r--php.ini17
1 files changed, 15 insertions, 2 deletions
diff --git a/php.ini b/php.ini
index 8da53bb..7210341 100644
--- a/php.ini
+++ b/php.ini
@@ -1352,6 +1352,14 @@ session.save_handler = files
; for php-fpm, see /etc/php-fpm.d/*conf
;session.save_path = "/tmp"
+; Whether to use strict session mode.
+; Strict session mode does not accept uninitialized session ID and regenerate
+; session ID if browser sends uninitialized session ID. Strict mode protects
+; applications from session fixation via session adoption vulnerability. It is
+; disabled by default for maximum compatibility, but enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
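Review bot: `session.use_strict_mode = 0` ships the session-fixation protection switched off, while the comment added directly above it says enabling it is encouraged. Unless a packaged application is known to break, I would set `session.use_strict_mode = 1` here, or keep 0 and state in the comment that this is a compatibility choice rather than a recommendation. The comment could also note that strict mode only refuses session IDs the server did not issue, so applications still need to regenerate the session ID at login.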
@@ -1431,7 +1439,7 @@ session.gc_maxlifetime = 1440
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; find /path/to/sessions -cmin +24 | xargs rm
+; find /path/to/sessions -cmin +24 -type f | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope.
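Review bot: The example in this comment still pipes `find` output through a plain `xargs rm`, which splits its input on whitespace and newlines, so an unusual file name in a shared session directory could make `rm` act on paths other than the one found. The added `-type f` keeps directories out of the list but does not address that. I would write the example as `; find /path/to/sessions -cmin +24 -type f -delete`, or use `-print0 | xargs -0 rm` where `-delete` is not available.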
@@ -1593,7 +1601,7 @@ mssql.min_error_severity = 10
mssql.min_message_severity = 10
; Compatibility mode with old versions of PHP 3.0.
-mssql.compatability_mode = Off
+mssql.compatibility_mode = Off
; Connect timeout
;mssql.connect_timeout = 5
@@ -1788,6 +1796,11 @@ ldap.max_links = -1
[dba]
;dba.default_handler=
+[curl]
+; A default value for the CURLOPT_CAINFO option. This is required to be an
+; absolute path.
+;curl.cainfo =
+
; Local Variables:
; tab-width: 4
; End:
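Review bot: The comment above `;curl.cainfo =` does not say what applies when the directive is left unset, which is the state this file ships in. I would add a line such as `; When unset, the default CA bundle of the libcurl build is used.` (to be confirmed against the packaged libcurl). A second line could note that the file named here has to be kept current, since a stale or incomplete bundle changes which TLS peers are trusted.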