From 738f0499a9800804bb30af2e76280d092ee87cc4 Mon Sep 17 00:00:00 2001 From: Friedhelm Betz Date: Fri, 25 Oct 2002 17:07:40 +0000 Subject: [PATCH] varlist instead of simplelist ensure the possibility to link to session settings git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@101323 c90b9560-bf6c-de11-be94-00142212c4b1 --- reference/session/ini.xml | 555 +++++++++++++++++++++++--------------- 1 file changed, 344 insertions(+), 211 deletions(-) diff --git a/reference/session/ini.xml b/reference/session/ini.xml index 5f6084f74f..ea61b6c8dc 100644 --- a/reference/session/ini.xml +++ b/reference/session/ini.xml @@ -1,5 +1,5 @@ - +
&reftitle.runtime; &extension.runtime; 
@@ -130,220 +130,353 @@ For further details and definition of the PHP_INI_* constants see ini_set. - - The session management system supports a number of configuration - options which you can place in your &php.ini; file. We will give a - short overview. - - - - session.save_handler defines the name of the - handler which is used for storing and retrieving data - associated with a session. Defaults to - files. - - - - - session.save_path defines the argument which - is passed to the save handler. If you choose the default files - handler, this is the path where the files are created. - Defaults to /tmp. If - session.save_path's path depth is more than - 2, garbage collection will not be performed. - - - - If you leave this set to a world-readable directory, such as - /tmp (the default), other users on the - server may be able to hijack sessions by getting the list of - files in that directory. - - - - - Windows users have to change this variable in order to use PHP's - session functions. Make sure to specify a valid path, e.g.: - c:/temp. - - - - - - session.name specifies the name of the - session which is used as cookie name. It should only contain - alphanumeric characters. Defaults to - PHPSESSID. - - - - - session.auto_start specifies whether the - session module starts a session automatically on request - startup. Defaults to 0 (disabled). - - - - - session.cookie_lifetime specifies the lifetime of - the cookie in seconds which is sent to the browser. The value 0 - means "until the browser is closed." Defaults to - 0. - - - - - session.serialize_handler defines the name - of the handler which is used to serialize/deserialize - data. Currently, a PHP internal format (name - php) and WDDX is supported (name - wddx). WDDX is only available, if PHP is - compiled with WDDX - support. Defaults to php. - - - - - session.gc_probability specifies the - probability that the gc (garbage collection) routine is started - on each request in percent. Defaults to 1. 
- - - - - session.gc_maxlifetime specifies the number - of seconds after which data will be seen as 'garbage' and - cleaned up. - - - If you are using the default file-based session handler, your - filesystem must keep track of access times (atime). Windows FAT does - not so you will have to come up with another way to handle garbage - collecting your session if you are stuck with a FAT filesystem or any - other fs where atime tracking is not available. - - - - - - session.referer_check contains the - substring you want to check each HTTP Referer for. If the - Referer was sent by the client and the substring was not - found, the embedded session id will be marked as invalid. - Defaults to the empty string. - - - - - session.entropy_file gives a path to an - external resource (file) which will be used as an additional - entropy source in the session id creation process. Examples are - /dev/random or - /dev/urandom which are available on many - Unix systems. - - - - - session.entropy_length specifies the number - of bytes which will be read from the file specified - above. Defaults to 0 (disabled). - - - - - session.use_cookies specifies whether the - module will use cookies to store the session id on the client - side. Defaults to 1 (enabled). - - - - - session.use_only_cookies specifies whether - the module will only use - cookies to store the session id on the client side. Defaults - to 0 (disabled, for backward compatibility). - Enabling this setting prevents attacks involved passing session - ids in URLs. This setting was added in PHP - 4.3.0. - - - - - session.cookie_path specifies path to set - in session_cookie. Defaults to /. - - - - - session.cookie_domain specifies domain to - set in session_cookie. Default is none at all. - - - - - session.cache_limiter specifies cache - control method to use for session pages - (none/nocache/private/private_no_expire/public). Defaults to - nocache. 
- - - - - session.cache_expire specifies time-to-live - for cached session pages in minutes, this has no effect for - nocache limiter. Defaults to 180. - - - - - session.use_trans_sid whether transparent - sid support is enabled or not. Defaults to - 0 (disabled). - - - - For PHP 4.1.2 or less, it is enabled by compiling with - - --enable-trans-sid. - From PHP 4.2.0, trans-sid feature is always compiled. - - - URL based session management has additional security risks - compared to cookie based session management. Users may send - an URL that contains an active session ID to their friends by - email or users may save an URL that contains a session ID to - their bookmarks and access your site with the same session ID - always, for example. - - - - - - url_rewriter.tags specifies which html tags - are rewritten to include session id if transparent sid support - is enabled. Defaults to - a=href,area=href,frame=src,input=src,form=fakeentry - - - - - - The track_vars and - register_globals - configuration settings influence how the session variables get - stored and restored. - + + The session management system supports a number of configuration + options which you can place in your &php.ini; file. We will give a + short overview. + - + + + session.save_handler + string + + + + session.save_handler defines the name of the + handler which is used for storing and retrieving data + associated with a session. Defaults to + files. + + + + + + + session.save_path + string + + + + session.save_path defines the argument which + is passed to the save handler. If you choose the default files + handler, this is the path where the files are created. + Defaults to /tmp. If + session.save_path's path depth is more than + 2, garbage collection will not be performed. + + - As of PHP 4.0.3, track_vars is - always turned on. 
+ If you leave this set to a world-readable directory, such as + /tmp (the default), other users on the + server may be able to hijack sessions by getting the list of + files in that directory. + + + + Windows users have to change this variable in order to use PHP's + session functions. Make sure to specify a valid path, e.g.: + c:/temp. + + + + + + + session.name + string + + + + session.name specifies the name of the + session which is used as cookie name. It should only contain + alphanumeric characters. Defaults to PHPSESSID. + + + + + + + session.auto_start + boolean + + + + session.auto_start specifies whether the + session module starts a session automatically on request + startup. Defaults to 0 (disabled). + + + + + + + session.cookie_lifetime + integer + + + + session.cookie_lifetime specifies the lifetime of + the cookie in seconds which is sent to the browser. The value 0 + means "until the browser is closed." Defaults to + 0. + + + + + + + session.serialize_handler + string + + + + session.serialize_handler defines the name + of the handler which is used to serialize/deserialize + data. Currently, a PHP internal format (name + php) and WDDX is supported (name + wddx). WDDX is only available, if PHP is + compiled with WDDX + support. Defaults to php. + + + + + + + session.gc_probability + integer + + + + session.gc_probability specifies the + probability that the gc (garbage collection) routine is started + on each request in percent. Defaults to 1. + + + + + + + session.gc_maxlifetime + integer + + + + session.gc_maxlifetime specifies the number + of seconds after which data will be seen as 'garbage' and + cleaned up. + + + If you are using the default file-based session handler, your + filesystem must keep track of access times (atime). Windows FAT does + not so you will have to come up with another way to handle garbage + collecting your session if you are stuck with a FAT filesystem or any + other fs where atime tracking is not available. 
+ + + + + + + + session.referer_check + string + + + + session.referer_check contains the + substring you want to check each HTTP Referer for. If the + Referer was sent by the client and the substring was not + found, the embedded session id will be marked as invalid. + Defaults to the empty string. + + + + + + + session.entropy_file + string + + + + session.entropy_file gives a path to an + external resource (file) which will be used as an additional + entropy source in the session id creation process. Examples are + /dev/random or /dev/urandom + which are available on many Unix systems. + + + + + + + session.entropy_length + integer + + + + session.entropy_length specifies the number + of bytes which will be read from the file specified + above. Defaults to 0 (disabled). + + + + + + + session.use_cookies + boolean + + + + session.use_cookies specifies whether the + module will use cookies to store the session id on the client + side. Defaults to 1 (enabled). + + + + + + + session.use_only_cookies + boolean + + + + session.use_only_cookies specifies whether + the module will only use + cookies to store the session id on the client side. Defaults + to 0 (disabled, for backward compatibility). + Enabling this setting prevents attacks involved passing session + ids in URLs. This setting was added in PHP + 4.3.0. + + + + + + + session.cookie_path + string + + + + session.cookie_path specifies path to set + in session_cookie. Defaults to /. + + + + + + + session.cookie_domain + string + + + + session.cookie_domain specifies domain to + set in session_cookie. Default is none at all. + + + + + + + session.cache_limiter + string + + + + session.cache_limiter specifies cache + control method to use for session pages + (none/nocache/private/private_no_expire/public). Defaults to + nocache. + + + + + + + + session.cache_expire + integer + + + + session.cache_expire specifies time-to-live + for cached session pages in minutes, this has no effect for + nocache limiter. 
Defaults to 180. + + + + + + + session.use_trans_sid + boolean + + + + session.use_trans_sid whether transparent + sid support is enabled or not. Defaults to + 0 (disabled). + + + + For PHP 4.1.2 or less, it is enabled by compiling with + + --enable-trans-sid. + From PHP 4.2.0, trans-sid feature is always compiled. + + + URL based session management has additional security risks + compared to cookie based session management. Users may send + an URL that contains an active session ID to their friends by + email or users may save an URL that contains a session ID to + their bookmarks and access your site with the same session ID + always, for example. + + + + + + + + url_rewriter.tags + string + + + + url_rewriter.tags specifies which html tags + are rewritten to include session id if transparent sid support + is enabled. Defaults to + a=href,area=href,frame=src,input=src,form=fakeentry + + + + + + + + The track_vars and + register_globals + configuration settings influence how the session variables get + stored and restored. + + + + + As of PHP 4.0.3, track_vars is + always turned on. + +
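Review bot: In the added session.entropy_length entry, "the file specified above" is a positional reference that stops resolving once a reader lands on the entry through a direct link, which is what this change is meant to enable; name the setting instead, for example "read from the file specified by session.entropy_file". Two sentences are carried over unchanged from the removed lines and could be fixed in the same pass: the session.use_trans_sid entry has no verb ("session.use_trans_sid whether transparent sid support is enabled or not" should read "specifies whether ..."), and the session.use_only_cookies entry says "attacks involved passing session ids in URLs" where "involving" is meant. The session.save_path entry still describes the hijacking risk of a world-readable directory such as /tmp without saying what to do about it; now that it is a standalone entry, a closing sentence recommending a directory that other users on the server cannot list would make the warning actionable.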