Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- [Session]
- ; Handler used to store/retrieve data.
- ; http://php.net/session.save-handler
- session.save_handler = files
- ; Argument passed to save_handler. In the case of files, this is the path
- ; where data files are stored. Note: Windows users have to change this
- ; variable in order to use PHP's session functions.
- ;
- ; The path can be defined as:
- ;
- ; session.save_path = "N;/path"
- ;
- ; where N is an integer. Instead of storing all the session files in
- ; /path, what this will do is use subdirectories N-levels deep, and
- ; store the session data in those directories. This is useful if you
- ; or your OS have problems with lots of files in one directory, and is
- ; a more efficient layout for servers that handle lots of sessions.
- ;
- ; NOTE 1: PHP will not create this directory structure automatically.
- ; You can use the script in the ext/session dir for that purpose.
- ; NOTE 2: See the section on garbage collection below if you choose to
- ; use subdirectories for session storage
- ;
- ; The file storage module creates files using mode 600 by default.
- ; You can change that by using
- ;
- ; session.save_path = "N;MODE;/path"
- ;
- ; where MODE is the octal representation of the mode. Note that this
- ; does not overwrite the process's umask.
- ; http://php.net/session.save-path
- ;session.save_path = "/var/lib/php5"
- ; Whether to use strict session mode.
- ; Strict session mode does not accept uninitialized session ID and regenerate
- ; session ID if browser sends uninitialized session ID. Strict mode protects
- ; applications from session fixation via session adoption vulnerability. It is
- ; disabled by default for maximum compatibility, but enabling it is encouraged.
- ; https://wiki.php.net/rfc/strict_sessions
- session.use_strict_mode = 1
- ; Whether to use cookies.
- ; http://php.net/session.use-cookies
- session.use_cookies = 1
- ; http://php.net/session.cookie-secure
- session.cookie_secure = 1
- ; This option forces PHP to fetch and use a cookie for storing and maintaining
- ; the session id. We encourage this operation as it's very helpful in combating
- ; session hijacking when not specifying and managing your own session id. It is
- ; not the end all be all of session hijacking defense, but it's a good start.
- ; http://php.net/session.use-only-cookies
- session.use_only_cookies = 1
- ; Name of the session (used as cookie name).
- ; http://php.net/session.name
- session.name = sessionname
- ; Initialize session on request startup.
- ; http://php.net/session.auto-start
- session.auto_start = 0
- ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
- ; http://php.net/session.cookie-lifetime
- session.cookie_lifetime = 0
- ; The path for which the cookie is valid.
- ; http://php.net/session.cookie-path
- session.cookie_path = /
- ; The domain for which the cookie is valid.
- ; http://php.net/session.cookie-domain
- session.cookie_domain =
- ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
- ; http://php.net/session.cookie-httponly
- session.cookie_httponly = 1
- ; Handler used to serialize data. php is the standard serializer of PHP.
- ; http://php.net/session.serialize-handler
- session.serialize_handler = php
- ; Defines the probability that the 'garbage collection' process is started
- ; on every session initialization. The probability is calculated by using
- ; gc_probability/gc_divisor. Where session.gc_probability is the numerator
- ; and gc_divisor is the denominator in the equation. Setting this value to 1
- ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
- ; the gc will run on any give request.
- ; Default Value: 1
- ; Development Value: 1
- ; Production Value: 1
- ; http://php.net/session.gc-probability
- session.gc_probability = 0
- ; Defines the probability that the 'garbage collection' process is started on every
- ; session initialization. The probability is calculated by using the following equation:
- ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
- ; session.gc_divisor is the denominator in the equation. Setting this value to 1
- ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
- ; the gc will run on any give request. Increasing this value to 1000 will give you
- ; a 0.1% chance the gc will run on any give request. For high volume production servers,
- ; this is a more efficient approach.
- ; Default Value: 100
- ; Development Value: 1000
- ; Production Value: 1000
- ; http://php.net/session.gc-divisor
- session.gc_divisor = 1000
- ; After this number of seconds, stored data will be seen as 'garbage' and
- ; cleaned up by the garbage collection process.
- ; http://php.net/session.gc-maxlifetime
- session.gc_maxlifetime = 1800
- ; NOTE: If you are using the subdirectory option for storing session files
- ; (see session.save_path above), then garbage collection does *not*
- ; happen automatically. You will need to do your own garbage
- ; collection through a shell script, cron entry, or some other method.
- ; For example, the following script would is the equivalent of
- ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
- ; find /path/to/sessions -cmin +24 -type f | xargs rm
- ; PHP 4.2 and less have an undocumented feature/bug that allows you to
- ; to initialize a session variable in the global scope.
- ; PHP 4.3 and later will warn you, if this feature is used.
- ; You can disable the feature and the warning separately. At this time,
- ; the warning is only displayed, if bug_compat_42 is enabled. This feature
- ; introduces some serious security problems if not handled correctly. It's
- ; recommended that you do not use this feature on production servers. But you
- ; should enable this on development servers and enable the warning as well. If you
- ; do not enable the feature on development servers, you won't be warned when it's
- ; used and debugging errors caused by this can be difficult to track down.
- ; Default Value: On
- ; Development Value: On
- ; Production Value: Off
- ; http://php.net/session.bug-compat-42
- session.bug_compat_42 = Off
- ; This setting controls whether or not you are warned by PHP when initializing a
- ; session value into the global space. session.bug_compat_42 must be enabled before
- ; these warnings can be issued by PHP. See the directive above for more information.
- ; Default Value: On
- ; Development Value: On
- ; Production Value: Off
- ; http://php.net/session.bug-compat-warn
- session.bug_compat_warn = Off
- ; Check HTTP Referer to invalidate externally stored URLs containing ids.
- ; HTTP_REFERER has to contain this substring for the session to be
- ; considered as valid.
- ; http://php.net/session.referer-check
- session.referer_check =
- ; How many bytes to read from the file.
- ; http://php.net/session.entropy-length
- ;session.entropy_length = 32
- ; Specified here to create the session id.
- ; http://php.net/session.entropy-file
- ; Defaults to /dev/urandom
- ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
- ; If neither are found at compile time, the default is no entropy file.
- ; On windows, setting the entropy_length setting will activate the
- ; Windows random source (using the CryptoAPI)
- ;session.entropy_file = /dev/urandom
- ; Set to {nocache,private,public,} to determine HTTP caching aspects
- ; or leave this empty to avoid sending anti-caching headers.
- ; http://php.net/session.cache-limiter
- session.cache_limiter = nocache
- ; Document expires after n minutes.
- ; http://php.net/session.cache-expire
- session.cache_expire = 180
- ; trans sid support is disabled by default.
- ; Use of trans sid may risk your users security.
- ; Use this option with caution.
- ; - User may send URL contains active session ID
- ; to other person via. email/irc/etc.
- ; - URL that contains active session ID may be stored
- ; in publicly accessible computer.
- ; - User may access your site with the same session ID
- ; always using URL stored in browser's history or bookmarks.
- ; http://php.net/session.use-trans-sid
- session.use_trans_sid = 0
- ; Select a hash function for use in generating session ids.
- ; Possible Values
- ; 0 (MD5 128 bits)
- ; 1 (SHA-1 160 bits)
- ; This option may also be set to the name of any hash function supported by
- ; the hash extension. A list of available hashes is returned by the hash_algos()
- ; function.
- ; http://php.net/session.hash-function
- session.hash_function = 0
- ; Define how many bits are stored in each character when converting
- ; the binary hash data to something readable.
- ; Possible values:
- ; 4 (4 bits: 0-9, a-f)
- ; 5 (5 bits: 0-9, a-v)
- ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
- ; Default Value: 4
- ; Development Value: 5
- ; Production Value: 5
- ; http://php.net/session.hash-bits-per-character
- session.hash_bits_per_character = 5
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement