Jérémie Bouillon wrote:
Some links generated by MediaWiki are like this in the
HTML page:
http://domain.tld/wiki/Accueil?string_mediawiki__session=06bbf1b62b459866c6…
Where "string" is my MySQL database and user name (both are the same).
Not all the time, not all the links (only the [[wiki]] links it seems).
This bug appears from time to time, a page refresh may get rid of it.
Has anyone seen anything like this? Any ideas where it can come from?
Looks like you've got a deprecated option in PHP's session management
enabled.
The documentation says of session.use_trans_sid:
"URL based session management has additional security risks compared to
cookie based session management. Users may send a URL that contains an
active session ID to their friends by email or users may save a URL that
contains a session ID to their bookmarks and access your site with the
same session ID always, for example."
Since it's not safe, it's recommended to keep it off (it's off by
default). To get rid of it, set session.use_trans_sid off in php.ini (or
.htaccess etc.).
See PHP's session documentation for settings here:
http://www.php.net/session
-- brion vibber (brion @ pobox.com)
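Because the symptom is intermittent, one way to confirm the setting is really off is to scan rendered pages for the session name in link URLs and hidden form fields. This is an added example, not part of the original thread or of MediaWiki; the session name `exampledb_mediawiki__session`, the session ID and the HTML below are constructed samples.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Assumption: a value of 16+ characters from PHP's session ID alphabet is an ID.
SID_VALUE = re.compile(r"^[0-9A-Za-z,-]{16,}$")
URL_ATTRS = ("href", "src", "action")

# Constructed sample: one rewritten link, two clean links, one rewritten form.
SAMPLE_NAME = "exampledb_mediawiki__session"
SAMPLE_ID = "0123456789abcdef0123456789abcdef"
SAMPLE_HTML = f"""
<a href="/wiki/Accueil?{SAMPLE_NAME}={SAMPLE_ID}">Accueil</a>
<a href="/wiki/Aide">Aide</a>
<a href="/index.php?title=Accueil&amp;action=edit">edit</a>
<form action="/index.php">
  <input type="hidden" name="{SAMPLE_NAME}" value="{SAMPLE_ID}">
</form>
"""


class SessionLinkFinder(HTMLParser):
    """Collects (tag, where) for each place the session ID is exposed."""

    def __init__(self, session_name):
        super().__init__()
        self.session_name = session_name
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Rewritten URLs: the session name appears as a query parameter.
        for attr in URL_ATTRS:
            url = attrs.get(attr) or ""
            for key, val in parse_qsl(urlsplit(url).query, keep_blank_values=True):
                if key == self.session_name and SID_VALUE.match(val):
                    self.findings.append((tag, url))
        # Rewritten forms: the ID is carried in a hidden field instead.
        if tag == "input" and attrs.get("name") == self.session_name:
            if SID_VALUE.match(attrs.get("value") or ""):
                self.findings.append((tag, "hidden form field"))


def find_session_links(html, session_name):
    """Return every exposure of session_name found in one HTML document."""
    finder = SessionLinkFinder(session_name)
    finder.feed(html)
    finder.close()
    return finder.findings
```

Run it over several fetched pages with the session cookie name your wiki actually sets; an empty result on every page is the expected state once session.use_trans_sid is off.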