$_SESSION sharing among multiple php apps served from same website #945

Closed
robocoder opened this issue Aug 23, 2009 · 1 comment
Bug For errors / faults / flaws / inconsistencies etc.

@robocoder

Session conflicts may arise.

Suggested remedies:

  • add Piwik_ prefix to session namespaces
  • set session name (default is PHPSESSID; ZF sets it to ZFSESSION); what if user has set it in .htaccess?
  • regenerate session ID at login/logout
@robocoder

In [1460], fixes #945 - Piwik sets the session.name to 'PIWIK_SESSID'; define('PIWIK_SESSION_NAME', ...) in bootstrap.php to override; session namespaces now prefixed by Piwik_. We regenerate session ID at login/logout to mitigate session fixation attacks.

@robocoder robocoder added this to the Piwik 0.4.4 milestone Jul 8, 2014
@robocoder robocoder self-assigned this Jul 8, 2014
This issue was closed.
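
The three remedies discussed in this thread, as an added example in plain PHP (not Piwik's changeset [1460], which this page does not show). Only `PIWIK_SESSION_NAME` and `'PIWIK_SESSID'` come from the issue; the `app_*` functions and the `SESSION_NS` value are hypothetical, and `$_SESSION` is used directly rather than a framework session class.

```php
<?php
// Added example, not Piwik's code. Requires PHP 7.1+.

// Overridable before bootstrap, as the fix describes for bootstrap.php.
if (!defined('PIWIK_SESSION_NAME')) {
    define('PIWIK_SESSION_NAME', 'PIWIK_SESSID');
}

const SESSION_NS = 'Piwik_Auth'; // hypothetical app-prefixed key inside $_SESSION

function app_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // A distinct cookie name keeps this app from adopting the PHPSESSID or
    // ZFSESSION cookie issued by another app served from the same site.
    session_name(PIWIK_SESSION_NAME);
    session_start([
        'use_strict_mode'  => 1, // reject session IDs the server did not issue
        'use_only_cookies' => 1, // never accept a session ID from the URL
        'cookie_httponly'  => 1,
    ]);
}

function app_login(string $user): void
{
    app_session_start();
    // Issue a fresh ID at the privilege change and delete the old session,
    // so an ID fixed before login carries no authenticated state.
    session_regenerate_id(true);
    $_SESSION[SESSION_NS] = ['user' => $user];
}

function app_current_user(): ?string
{
    app_session_start();
    return $_SESSION[SESSION_NS]['user'] ?? null;
}

function app_logout(): void
{
    app_session_start();
    unset($_SESSION[SESSION_NS]); // remove only this app's namespace
    session_regenerate_id(true);
}
```

A `session.name` set in `.htaccess` or `php.ini` is overridden by the `session_name()` call here, since it runs before `session_start()`.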