[drupal-devel] [bug] PHP session settings to relocate to support multiple sites

kbahey drupal-devel at drupal.org
Mon Feb 14 14:56:51 UTC 2005


 Project:      Drupal
 Version:      cvs
 Component:    base system
 Category:     bug reports
 Priority:     normal
 Assigned to:  Anonymous
 Reported by:  tangent
 Updated by:   kbahey
 Status:       patch

This patch is very important. It does what I wanted to do in the other
issue pointed to: make Drupal as much as possible independant of the
underlying PHP configuration.
Can you please also add ini_set calls for these values to make sure
PHPSESSID does not end up in the URL:
php_flag session.use_trans_sid    off
php_flag session.use_cookies      on
php_flag session.use_only_cookies on
Also, remove the line
+ini_set('session.cookie_lifetime', 2000000);
Since the other patch takes care of this value. Or should we make
everything consistent and use just one way to do it (settings.php
instead of session.inc)?


kbahey



Previous comments:
------------------------------------------------------------------------

February 14, 2005 - 02:51 : tangent

Attachment: http://drupal.org/files/issues/settings-session.patch (1.71 KB)

As discussed in this issue [1], it would be desirable to move the
session settings into /sites/default/settings.php so that subsites can
have better control over them. One of the advantages of the site
specific settings.php file is that it will never get overwritten during
upgrades and having these settings here should prove to be more
friendly.
I have created a patch which moves most of the PHP session settings
from .htaccess to /sites/default/settings.php with the exception of
"session.auto_start" because it must not, as far as I know, be
modified.
I have also added 2 additional commented settings which I suspect are
often needed as they were in my case.
[1] http://drupal.org//node/2974


------------------------------------------------------------------------

February 14, 2005 - 04:42 : Goba

Please, if this gets committed, leave a comment line in the .htaccess
file at least, indicating that other session related settings are
located in settings.php, so those in the know of current Drupal
behaviour will find their way around.


-- 
View: http://drupal.org/node/17303
Edit: http://drupal.org/project/comments/add/17303





More information about the drupal-devel mailing list