Improve session.referer_check documentation.

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@30427 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-16 08:58:56 +00:00 · 2000-08-17 21:11:52 +00:00 · 2000-08-17 21:11:52 +00:00 · b3c481736c
commit b3c481736c
parent faba3ac0a2
1 changed files with 4 additions and 6 deletions
--- a/functions/session.xml
+++ b/functions/session.xml
@ -274,12 +274,10 @@ close
     </listitem>
     <listitem>
      <simpara>
-       <literal>session.referer_check</literal> determines whether
-       session ids referred to by external sites will be
-       eliminated. If session ids are propagated using the URL method,
-       users not knowing about the impact might publish session
-       ids. This can lead to security problems which this check tries
-       to defeat. Defaults to <literal>0</literal>.
+       <literal>session.referer_check</literal> contains the substring you
+       want to check each HTTP Referer for. If the Referer was sent by the
+       client and the substring was not found, an embedded session id will 
+       be marked as invalidate. Defaults to the empty string.
      </simpara>
     </listitem>
     <listitem>