sessions

1. [Session]
2. ; Handler used to store/retrieve data.
3. ; http://php.net/session.save-handler
4. session.save_handler = files
5.  
6. ; Argument passed to save_handler.  In the case of files, this is the path
7. ; where data files are stored. Note: Windows users have to change this
8. ; variable in order to use PHP's session functions.
9. ;
10. ; The path can be defined as:
11. ;
12. ;     session.save_path = "N;/path"
13. ;
14. ; where N is an integer.  Instead of storing all the session files in
15. ; /path, what this will do is use subdirectories N-levels deep, and
16. ; store the session data in those directories.  This is useful if you
17. ; or your OS have problems with lots of files in one directory, and is
18. ; a more efficient layout for servers that handle lots of sessions.
19. ;
20. ; NOTE 1: PHP will not create this directory structure automatically.
21. ;         You can use the script in the ext/session dir for that purpose.
22. ; NOTE 2: See the section on garbage collection below if you choose to
23. ;         use subdirectories for session storage
24. ;
25. ; The file storage module creates files using mode 600 by default.
26. ; You can change that by using
27. ;
28. ;     session.save_path = "N;MODE;/path"
29. ;
30. ; where MODE is the octal representation of the mode. Note that this
31. ; does not overwrite the process's umask.
32. ; http://php.net/session.save-path
33. ;session.save_path = "/var/lib/php5"
34.  
35. ; Whether to use strict session mode.
36. ; Strict session mode does not accept uninitialized session ID and regenerate
37. ; session ID if browser sends uninitialized session ID. Strict mode protects
38. ; applications from session fixation via session adoption vulnerability. It is
39. ; disabled by default for maximum compatibility, but enabling it is encouraged.
40. ; https://wiki.php.net/rfc/strict_sessions
41. session.use_strict_mode = 1
42.  
43. ; Whether to use cookies.
44. ; http://php.net/session.use-cookies
45. session.use_cookies = 1
46.  
47. ; http://php.net/session.cookie-secure
48. session.cookie_secure = 1
49.  
50. ; This option forces PHP to fetch and use a cookie for storing and maintaining
51. ; the session id. We encourage this operation as it's very helpful in combating
52. ; session hijacking when not specifying and managing your own session id. It is
53. ; not the end all be all of session hijacking defense, but it's a good start.
54. ; http://php.net/session.use-only-cookies
55. session.use_only_cookies = 1
56.  
57. ; Name of the session (used as cookie name).
58. ; http://php.net/session.name
59. session.name = sessionname
60.  
61. ; Initialize session on request startup.
62. ; http://php.net/session.auto-start
63. session.auto_start = 0
64.  
65. ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
66. ; http://php.net/session.cookie-lifetime
67. session.cookie_lifetime = 0
68.  
69. ; The path for which the cookie is valid.
70. ; http://php.net/session.cookie-path
71. session.cookie_path = /
72.  
73. ; The domain for which the cookie is valid.
74. ; http://php.net/session.cookie-domain
75. session.cookie_domain =
76.  
77. ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
78. ; http://php.net/session.cookie-httponly
79. session.cookie_httponly = 1
80.  
81. ; Handler used to serialize data.  php is the standard serializer of PHP.
82. ; http://php.net/session.serialize-handler
83. session.serialize_handler = php
84.  
85. ; Defines the probability that the 'garbage collection' process is started
86. ; on every session initialization. The probability is calculated by using
87. ; gc_probability/gc_divisor. Where session.gc_probability is the numerator
88. ; and gc_divisor is the denominator in the equation. Setting this value to 1
89. ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
90. ; the gc will run on any give request.
91. ; Default Value: 1
92. ; Development Value: 1
93. ; Production Value: 1
94. ; http://php.net/session.gc-probability
95. session.gc_probability = 0
96.  
97. ; Defines the probability that the 'garbage collection' process is started on every
98. ; session initialization. The probability is calculated by using the following equation:
99. ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
100. ; session.gc_divisor is the denominator in the equation. Setting this value to 1
101. ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
102. ; the gc will run on any give request. Increasing this value to 1000 will give you
103. ; a 0.1% chance the gc will run on any give request. For high volume production servers,
104. ; this is a more efficient approach.
105. ; Default Value: 100
106. ; Development Value: 1000
107. ; Production Value: 1000
108. ; http://php.net/session.gc-divisor
109. session.gc_divisor = 1000
110.  
111. ; After this number of seconds, stored data will be seen as 'garbage' and
112. ; cleaned up by the garbage collection process.
113. ; http://php.net/session.gc-maxlifetime
114. session.gc_maxlifetime = 1800
115.  
116. ; NOTE: If you are using the subdirectory option for storing session files
117. ;       (see session.save_path above), then garbage collection does *not*
118. ;       happen automatically.  You will need to do your own garbage
119. ;       collection through a shell script, cron entry, or some other method.
120. ;       For example, the following script would is the equivalent of
121. ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
122. ;          find /path/to/sessions -cmin +24 -type f | xargs rm
123.  
124. ; PHP 4.2 and less have an undocumented feature/bug that allows you to
125. ; to initialize a session variable in the global scope.
126. ; PHP 4.3 and later will warn you, if this feature is used.
127. ; You can disable the feature and the warning separately. At this time,
128. ; the warning is only displayed, if bug_compat_42 is enabled. This feature
129. ; introduces some serious security problems if not handled correctly. It's
130. ; recommended that you do not use this feature on production servers. But you
131. ; should enable this on development servers and enable the warning as well. If you
132. ; do not enable the feature on development servers, you won't be warned when it's
133. ; used and debugging errors caused by this can be difficult to track down.
134. ; Default Value: On
135. ; Development Value: On
136. ; Production Value: Off
137. ; http://php.net/session.bug-compat-42
138. session.bug_compat_42 = Off
139.  
140. ; This setting controls whether or not you are warned by PHP when initializing a
141. ; session value into the global space. session.bug_compat_42 must be enabled before
142. ; these warnings can be issued by PHP. See the directive above for more information.
143. ; Default Value: On
144. ; Development Value: On
145. ; Production Value: Off
146. ; http://php.net/session.bug-compat-warn
147. session.bug_compat_warn = Off
148.  
149. ; Check HTTP Referer to invalidate externally stored URLs containing ids.
150. ; HTTP_REFERER has to contain this substring for the session to be
151. ; considered as valid.
152. ; http://php.net/session.referer-check
153. session.referer_check =
154.  
155. ; How many bytes to read from the file.
156. ; http://php.net/session.entropy-length
157. ;session.entropy_length = 32
158.  
159. ; Specified here to create the session id.
160. ; http://php.net/session.entropy-file
161. ; Defaults to /dev/urandom
162. ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
163. ; If neither are found at compile time, the default is no entropy file.
164. ; On windows, setting the entropy_length setting will activate the
165. ; Windows random source (using the CryptoAPI)
166. ;session.entropy_file = /dev/urandom
167.  
168. ; Set to {nocache,private,public,} to determine HTTP caching aspects
169. ; or leave this empty to avoid sending anti-caching headers.
170. ; http://php.net/session.cache-limiter
171. session.cache_limiter = nocache
172.  
173. ; Document expires after n minutes.
174. ; http://php.net/session.cache-expire
175. session.cache_expire = 180
176.  
177. ; trans sid support is disabled by default.
178. ; Use of trans sid may risk your users security.
179. ; Use this option with caution.
180. ; - User may send URL contains active session ID
181. ;   to other person via. email/irc/etc.
182. ; - URL that contains active session ID may be stored
183. ;   in publicly accessible computer.
184. ; - User may access your site with the same session ID
185. ;   always using URL stored in browser's history or bookmarks.
186. ; http://php.net/session.use-trans-sid
187. session.use_trans_sid = 0
188.  
189. ; Select a hash function for use in generating session ids.
190. ; Possible Values
191. ;   0  (MD5 128 bits)
192. ;   1  (SHA-1 160 bits)
193. ; This option may also be set to the name of any hash function supported by
194. ; the hash extension. A list of available hashes is returned by the hash_algos()
195. ; function.
196. ; http://php.net/session.hash-function
197. session.hash_function = 0
198.  
199. ; Define how many bits are stored in each character when converting
200. ; the binary hash data to something readable.
201. ; Possible values:
202. ;   4  (4 bits: 0-9, a-f)
203. ;   5  (5 bits: 0-9, a-v)
204. ;   6  (6 bits: 0-9, a-z, A-Z, "-", ",")
205. ; Default Value: 4
206. ; Development Value: 5
207. ; Production Value: 5
208. ; http://php.net/session.hash-bits-per-character
209. session.hash_bits_per_character = 5