[Mediawiki-l] PHPSESSID in MediaWiki
brion at pobox.com
Wed Feb 9 03:16:42 UTC 2005
> The PHPSESSID is displayed in my MediaWiki site. How secure is it to
> have PHPSESSID displayed? If it can be disabled what is the best way to
> do it? Thanks
This is a PHP sessions option; I'd recommend turning it off, as session
IDs could be taken from the referer information passed by the browser
when the user clicks on an external link.
I believe the option to turn off is session.use_trans_sid. You can do
this in php.ini, possibly in an .htaccess, or with the ini_set()
function in your LocalSettings.php.
-- brion vibber (brion @ pobox.com)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 253 bytes
Desc: OpenPGP digital signature
Url : http://lists.wikimedia.org/pipermail/mediawiki-l/attachments/20050208/3b398848/attachment.pgp
More information about the MediaWiki-l