24 Jun
2008
24 Jun
'08
1:04 p.m.
Quoting Daniel Carrera daniel.carrera@zmsl.com:
Earnie Boyd wrote:
I see at http://drupal.org/node/188710 that you should also ini_set('session.use_only_cookies', 0); in the settings.php file.
Thanks. I have to say that I don't really understand that option. I made the change, but I don't understand what I just did.
From http://php.net/session.configuration we see:
session.use_only_cookies boolean session.use_only_cookies specifies whether the module will only use cookies to store the session id on the client side. Enabling this setting prevents attacks involved passing session ids in URLs. This setting was added in PHP 4.3.0. Defaults to 1 (enabled) since PHP 6.0.
Earnie -- http://for-my-kids.com/ -- http://give-me-an-offer.com/