269 lines
10 KiB
INI
269 lines
10 KiB
INI
[Session]
|
|
; Handler used to store/retrieve data.
|
|
; http://php.net/session.save-handler
|
|
session.save_handler = files
|
|
|
|
; Argument passed to save_handler. In the case of files, this is the path
|
|
; where data files are stored. Note: Windows users have to change this
|
|
; variable in order to use PHP's session functions.
|
|
;
|
|
; The path can be defined as:
|
|
;
|
|
; session.save_path = "N;/path"
|
|
;
|
|
; where N is an integer. Instead of storing all the session files in
|
|
; /path, what this will do is use subdirectories N-levels deep, and
|
|
; store the session data in those directories. This is useful if
|
|
; your OS has problems with many files in one directory, and is
|
|
; a more efficient layout for servers that handle many sessions.
|
|
;
|
|
; NOTE 1: PHP will not create this directory structure automatically.
|
|
; You can use the script in the ext/session dir for that purpose.
|
|
; NOTE 2: See the section on garbage collection below if you choose to
|
|
; use subdirectories for session storage
|
|
;
|
|
; The file storage module creates files using mode 600 by default.
|
|
; You can change that by using
|
|
;
|
|
; session.save_path = "N;MODE;/path"
|
|
;
|
|
; where MODE is the octal representation of the mode. Note that this
|
|
; does not overwrite the process's umask.
|
|
; http://php.net/session.save-path
|
|
session.save_path = "/var/lib/php/sessions"
|
|
|
|
; Name of the session (used as cookie name).
|
|
; http://php.net/session.name
|
|
session.name = PHP_SESSION_ID
|
|
|
|
; Initialize session on request startup.
|
|
; http://php.net/session.auto-start
|
|
;session.auto_start = 0
|
|
|
|
; Handler used to serialize data. php is the standard serializer of PHP.
|
|
; http://php.net/session.serialize-handler
|
|
session.serialize_handler = php_serialize
|
|
|
|
; Defines the probability that the 'garbage collection' process is started on every
|
|
; session initialization. The probability is calculated by using gc_probability/gc_divisor,
|
|
; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
|
|
; Default Value: 1
|
|
; Development Value: 1
|
|
; Production Value: 1
|
|
; http://php.net/session.gc-probability
|
|
;session.gc_probability = 1
|
|
|
|
; Defines the probability that the 'garbage collection' process is started on every
|
|
; session initialization. The probability is calculated by using gc_probability/gc_divisor,
|
|
; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
|
|
; For high volume production servers, using a value of 1000 is a more efficient approach.
|
|
; Default Value: 100
|
|
; Development Value: 1000
|
|
; Production Value: 1000
|
|
; http://php.net/session.gc-divisor
|
|
;session.gc_divisor = 1000
|
|
|
|
; After this number of seconds, stored data will be seen as 'garbage' and
|
|
; cleaned up by the garbage collection process.
|
|
; http://php.net/session.gc-maxlifetime
|
|
session.gc_maxlifetime = 86400
|
|
|
|
; NOTE: If you are using the subdirectory option for storing session files
|
|
; (see session.save_path above), then garbage collection does *not*
|
|
; happen automatically. You will need to do your own garbage
|
|
; collection through a shell script, cron entry, or some other method.
|
|
; For example, the following script is the equivalent of setting
|
|
; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
|
|
; find /path/to/sessions -cmin +24 -type f | xargs rm
|
|
|
|
; Check HTTP Referer to invalidate externally stored URLs containing ids.
|
|
; HTTP_REFERER has to contain this substring for the session to be
|
|
; considered as valid.
|
|
; http://php.net/session.referer-check
|
|
;session.referer_check =
|
|
|
|
; Gives a path to an external resource (file) which will be used as an
|
|
; additional entropy source in the session id creation process.
|
|
;session.entropy_file string = /dev/urandom
|
|
|
|
; Whether to use strict session mode.
|
|
; Strict session mode does not accept an uninitialized session ID, and
|
|
; regenerates the session ID if the browser sends an uninitialized session ID.
|
|
; Strict mode protects applications from session fixation via a session adoption
|
|
; vulnerability. It is disabled by default for maximum compatibility, but
|
|
; enabling it is encouraged.
|
|
; https://wiki.php.net/rfc/strict_sessions
|
|
;session.use_strict_mode = 0
|
|
|
|
; Whether to use cookies.
|
|
; http://php.net/session.use-cookies
|
|
; session.use_cookies = 1
|
|
|
|
; This option forces PHP to fetch and use a cookie for storing and maintaining
|
|
; the session id. We encourage this operation as it's very helpful in combating
|
|
; session hijacking when not specifying and managing your own session id. It is
|
|
; not the be-all and end-all of session hijacking defense, but it's a good start.
|
|
; http://php.net/session.use-only-cookies
|
|
;session.use_only_cookies = 1
|
|
|
|
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
|
|
; http://php.net/session.cookie-lifetime
|
|
;session.cookie_lifetime = 0
|
|
|
|
; The path for which the cookie is valid.
|
|
; http://php.net/session.cookie-path
|
|
;session.cookie_path = /
|
|
|
|
; The domain for which the cookie is valid.
|
|
; http://php.net/session.cookie-domain
|
|
;session.cookie_domain =
|
|
|
|
; http://php.net/session.cookie-secure
|
|
; session.cookie_secure = On
|
|
|
|
; Whether or not to add the httpOnly flag to the cookie, which makes it
|
|
; inaccessible to browser scripting languages such as JavaScript.
|
|
; http://php.net/session.cookie-httponly
|
|
session.cookie_httponly = Off
|
|
|
|
; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
|
|
; Current valid values are "Strict", "Lax" or "None". When using "None",
|
|
; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
|
|
; https://tools.ietf.org/html/draft-west-first-party-cookies-07
|
|
; session.cookie_samesite =
|
|
|
|
; Set to {nocache,private,public,} to determine HTTP caching aspects
|
|
; or leave this empty to avoid sending anti-caching headers.
|
|
; http://php.net/session.cache-limiter
|
|
;session.cache_limiter = nocache
|
|
|
|
; Document expires after n minutes.
|
|
; http://php.net/session.cache-expire
|
|
;session.cache_expire = 180
|
|
|
|
; trans sid support is disabled by default.
|
|
; Use of trans sid may risk your users' security.
|
|
; Use this option with caution.
|
|
; - User may send URL contains active session ID
|
|
; to other person via. email/irc/etc.
|
|
; - URL that contains active session ID may be stored
|
|
; in publicly accessible computer.
|
|
; - User may access your site with the same session ID
|
|
; always using URL stored in browser's history or bookmarks.
|
|
; http://php.net/session.use-trans-sid
|
|
;session.use_trans_sid = 0
|
|
|
|
; The URL rewriter will look for URLs in a defined set of HTML tags.
|
|
; <form> is special; if you include them here, the rewriter will
|
|
; add a hidden <input> field with the info which is otherwise appended
|
|
; to URLs. <form> tag's action attribute URL will not be modified
|
|
; unless it is specified.
|
|
; Note that all valid entries require a "=", even if no value follows.
|
|
; Default Value: "a=href,area=href,frame=src,form="
|
|
; Development Value: "a=href,area=href,frame=src,form="
|
|
; Production Value: "a=href,area=href,frame=src,form="
|
|
; http://php.net/url-rewriter.tags
|
|
;session.trans_sid_tags = "a=href,area=href,frame=src,form="
|
|
|
|
; URL rewriter does not rewrite absolute URLs by default.
|
|
; To enable rewrites for absolute paths, target hosts must be specified
|
|
; at RUNTIME. i.e. use ini_set()
|
|
; <form> tags is special. PHP will check action attribute's URL regardless
|
|
; of session.trans_sid_tags setting.
|
|
; If no host is defined, HTTP_HOST will be used for allowed host.
|
|
; Example value: php.net,www.php.net,wiki.php.net
|
|
; Use "," for multiple hosts. No spaces are allowed.
|
|
; Default Value: ""
|
|
; Development Value: ""
|
|
; Production Value: ""
|
|
;session.trans_sid_hosts=""
|
|
|
|
; Set session ID character length. This value could be between 22 to 256.
|
|
; Shorter length than default is supported only for compatibility reason.
|
|
; Users should use 32 or more chars.
|
|
; http://php.net/session.sid-length
|
|
; Default Value: 32
|
|
; Development Value: 26
|
|
; Production Value: 26
|
|
session.sid_length = 64
|
|
|
|
; Define how many bits are stored in each character when converting
|
|
; the binary hash data to something readable.
|
|
; Possible values:
|
|
; 4 (4 bits: 0-9, a-f)
|
|
; 5 (5 bits: 0-9, a-v)
|
|
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
|
|
; Default Value: 4
|
|
; Development Value: 5
|
|
; Production Value: 5
|
|
; http://php.net/session.hash-bits-per-character
|
|
session.sid_bits_per_character = 6
|
|
|
|
; Define the hash algorithm used to generate the session IDs.
|
|
; Possible values:
|
|
; '0' MD5 (128 bits)
|
|
; '1' SHA-1 (160 bits)
|
|
; It is also possible to specify any of the algorithms provided by the hash
|
|
; extension (if it is available), like sha512 or whirlpool.
|
|
session.hash_function = 1
|
|
|
|
; Define how many bits are stored in each character when converting
|
|
; the binary hash data to something readable.
|
|
; Possible values:
|
|
; 4 (4 bits: 0-9, a-f)
|
|
; 5 (5 bits: 0-9, a-v)
|
|
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
|
|
; Default Value: 4
|
|
; Development Value: 5
|
|
; Production Value: 5
|
|
session.hash_bits_per_character = 6
|
|
|
|
; Enable upload progress tracking in $_SESSION
|
|
; Default Value: On
|
|
; Development Value: On
|
|
; Production Value: On
|
|
; http://php.net/session.upload-progress.enabled
|
|
;session.upload_progress.enabled = On
|
|
|
|
; Cleanup the progress information as soon as all POST data has been read
|
|
; (i.e. upload completed).
|
|
; Default Value: On
|
|
; Development Value: On
|
|
; Production Value: On
|
|
; http://php.net/session.upload-progress.cleanup
|
|
;session.upload_progress.cleanup = 1
|
|
|
|
; A prefix used for the upload progress key in $_SESSION
|
|
; Default Value: "upload_progress_"
|
|
; Development Value: "upload_progress_"
|
|
; Production Value: "upload_progress_"
|
|
; http://php.net/session.upload-progress.prefix
|
|
;session.upload_progress.prefix = "upload_progress_"
|
|
|
|
; The index name (concatenated with the prefix) in $_SESSION
|
|
; containing the upload progress information
|
|
; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
|
|
; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
|
|
; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
|
|
; http://php.net/session.upload-progress.name
|
|
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
|
|
|
|
; How frequently the upload progress should be updated.
|
|
; Given either in percentages (per-file), or in bytes
|
|
; Default Value: "1%"
|
|
; Development Value: "1%"
|
|
; Production Value: "1%"
|
|
; http://php.net/session.upload-progress.freq
|
|
;session.upload_progress.freq = "1%"
|
|
|
|
; The minimum delay between updates, in seconds
|
|
; Default Value: 1
|
|
; Development Value: 1
|
|
; Production Value: 1
|
|
; http://php.net/session.upload-progress.min-freq
|
|
;session.upload_progress.min_freq = "1"
|
|
|
|
; Only write session data when session data is changed. Enabled by default.
|
|
; http://php.net/session.lazy-write
|
|
;session.lazy_write = On
|
|
session.lazy_write = Off
|