.htaccess

[mt]

I run my server with session.auto_start at on, which causes a problem due to the way the Zend Session Object is done.

I would suggest a htaccess with the following rule:

php_flag session.auto_start off

At any rate, this .htaccess coule eventually be used for url routing purposes, for clean urls.

[matt]

we should not rely on .htaccess for application level logic; what exactly is the problem you mention? please post steps to reproduce.

[vipsoft]

I believe mt's configuration would have been an issue even before #828 because Zend_Auth depended on Zend_Session indirectly.

session.auto_start is off in a default PHP configuration.

It's specifically wrong for it to be "on" for Zend Framework apps ( http://framework.zend.com/manual/en/zend.session.advanced_usage.html) because it causes an E_NOTICE to be thrown when Zend_Session::start() is called (either directly or by Zend_Session_Namespace).

We can't guard against this programmatically, e.g.,

@ini_set('session.auto_start', 0);

because the session has already been started by the time the PHP executes.

We should document this as a system requirement rather than adding the .htaccess rule. (In fact, we should probably remove piwik/.htaccess from the build so that it doesn't overwrite the user's configuration.)

[vipsoft]

opened #887 to exclude .htaccess from future builds