mirrors/php-src
0
0
Fork 0
mirror of https://github.com/php/php-src.git synced 2024-11-27 03:44:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'PHP-7.1'

Browse Source 
* PHP-7.1:
  Merge RFC: Session ID without hashing https://wiki.php.net/rfc/session-id-without-hashing
This commit is contained in:
Yasuo Ohgaki 2016-08-12 12:31:45 +09:00
commit 66f0694c4a
13 changed files with 108 additions and 485 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
ext/session/php_session.h
View File

@ -151,9 +151,7 @@ typedef struct _php_ps_globals {
char *session_name;
zend_string *id;
char *extern_referer_chk;
char *entropy_file;
char *cache_limiter;
zend_long entropy_length;
zend_long cookie_lifetime;
char *cookie_path;
char *cookie_domain;
@ -191,11 +189,8 @@ typedef struct _php_ps_globals {
zend_bool use_only_cookies;
zend_bool use_trans_sid; /* contains the INI value of whether to use trans-sid */
zend_long hash_func;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
php_hash_ops *hash_ops;
#endif
zend_long hash_bits_per_character;
zend_long sid_length;
zend_long sid_bits_per_character;
int send_cookie;
int define_sid;

238
ext/session/session.c
View File

@ -40,13 +40,11 @@
#include "rfc1867.h"
#include "php_variables.h"
#include "php_session.h"
#include "ext/standard/md5.h"
#include "ext/standard/sha1.h"
#include "ext/standard/php_random.h"
#include "ext/standard/php_var.h"
#include "ext/date/php_date.h"
#include "ext/standard/php_lcg.h"
#include "ext/standard/url_scanner_ex.h"
#include "ext/standard/php_rand.h" /* for RAND_MAX */
#include "ext/standard/info.h"
#include "zend_smart_str.h"
#include "ext/standard/url.h"
@ -81,6 +79,8 @@ zend_class_entry *php_session_update_timestamp_class_entry;
/* SessionUpdateTimestampInterface */
zend_class_entry *php_session_update_timestamp_iface_entry;
#define PS_MAX_SID_LENGTH 256
/* ***********
* Helpers *
*********** */
@ -259,17 +259,12 @@ static int php_session_decode(zend_string *data) /* {{{ */
static char hexconvtab[] = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ,-";
enum {
PS_HASH_FUNC_MD5,
PS_HASH_FUNC_SHA1,
PS_HASH_FUNC_OTHER
};
/* returns a pointer to the byte after the last valid character in out */
static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {{{ */
static size_t bin_to_readable(unsigned char *in, size_t inlen, char *out, char nbits) /* {{{ */
{
unsigned char *p, *q;
unsigned short w;
size_t len = inlen;
int mask;
int have;
@ -280,7 +275,7 @@ static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {
have = 0;
mask = (1 << nbits) - 1;
while (1) {
while (inlen--) {
if (have < nbits) {
if (p < q) {
w |= *p++ << have;
@ -300,151 +295,24 @@ static char *bin_to_readable(char *in, size_t inlen, char *out, char nbits) /* {
}
*out = '\0';
return out;
return len;
}
/* }}} */
#define PS_EXTRA_RAND_BYTES 60
PHPAPI zend_string *php_session_create_id(PS_CREATE_SID_ARGS) /* {{{ */
{
PHP_MD5_CTX md5_context;
PHP_SHA1_CTX sha1_context;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
void *hash_context = NULL;
#endif
unsigned char *digest;
size_t digest_len;
char *buf;
struct timeval tv;
zval *array;
zval *token;
unsigned char rbuf[PS_MAX_SID_LENGTH + PS_EXTRA_RAND_BYTES];
zend_string *outid;
char *remote_addr = NULL;
gettimeofday(&tv, NULL);
if ((array = zend_hash_str_find(&EG(symbol_table), "_SERVER", sizeof("_SERVER") - 1)) &&
Z_TYPE_P(array) == IS_ARRAY &&
(token = zend_hash_str_find(Z_ARRVAL_P(array), "REMOTE_ADDR", sizeof("REMOTE_ADDR") - 1)) &&
Z_TYPE_P(token) == IS_STRING
) {
remote_addr = Z_STRVAL_P(token);
/* Read additional PS_EXTRA_RAND_BYTES just in case CSPRNG is not safe enough */
if (php_random_bytes_throw(rbuf, PS(sid_length) + PS_EXTRA_RAND_BYTES) == FAILURE) {
return NULL;
}
/* maximum 15+19+19+10 bytes */
spprintf(&buf, 0, "%.15s%ld" ZEND_LONG_FMT "%0.8F", remote_addr ? remote_addr : "", tv.tv_sec, (zend_long)tv.tv_usec, php_combined_lcg() * 10);
switch (PS(hash_func)) {
case PS_HASH_FUNC_MD5:
PHP_MD5Init(&md5_context);
PHP_MD5Update(&md5_context, (unsigned char *) buf, strlen(buf));
digest_len = 16;
break;
case PS_HASH_FUNC_SHA1:
PHP_SHA1Init(&sha1_context);
PHP_SHA1Update(&sha1_context, (unsigned char *) buf, strlen(buf));
digest_len = 20;
break;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
case PS_HASH_FUNC_OTHER:
if (!PS(hash_ops)) {
efree(buf);
zend_throw_error(NULL, "Invalid session hash function");
return NULL;
}
hash_context = emalloc(PS(hash_ops)->context_size);
PS(hash_ops)->hash_init(hash_context);
PS(hash_ops)->hash_update(hash_context, (unsigned char *) buf, strlen(buf));
digest_len = PS(hash_ops)->digest_size;
break;
#endif /* HAVE_HASH_EXT */
default:
efree(buf);
zend_throw_error(NULL, "Invalid session hash function");
return NULL;
}
efree(buf);
if (PS(entropy_length) > 0) {
#ifdef PHP_WIN32
unsigned char rbuf[2048];
size_t toread = PS(entropy_length);
if (php_win32_get_random_bytes(rbuf, MIN(toread, sizeof(rbuf))) == SUCCESS){
switch (PS(hash_func)) {
case PS_HASH_FUNC_MD5:
PHP_MD5Update(&md5_context, rbuf, toread);
break;
case PS_HASH_FUNC_SHA1:
PHP_SHA1Update(&sha1_context, rbuf, toread);
break;
# if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
case PS_HASH_FUNC_OTHER:
PS(hash_ops)->hash_update(hash_context, rbuf, toread);
break;
# endif /* HAVE_HASH_EXT */
}
}
#else
int fd;
fd = VCWD_OPEN(PS(entropy_file), O_RDONLY);
if (fd >= 0) {
unsigned char rbuf[2048];
int n;
int to_read = PS(entropy_length);
while (to_read > 0) {
n = read(fd, rbuf, MIN(to_read, sizeof(rbuf)));
if (n <= 0) break;
switch (PS(hash_func)) {
case PS_HASH_FUNC_MD5:
PHP_MD5Update(&md5_context, rbuf, n);
break;
case PS_HASH_FUNC_SHA1:
PHP_SHA1Update(&sha1_context, rbuf, n);
break;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
case PS_HASH_FUNC_OTHER:
PS(hash_ops)->hash_update(hash_context, rbuf, n);
break;
#endif /* HAVE_HASH_EXT */
}
to_read -= n;
}
close(fd);
}
#endif
}
digest = emalloc(digest_len + 1);
switch (PS(hash_func)) {
case PS_HASH_FUNC_MD5:
PHP_MD5Final(digest, &md5_context);
break;
case PS_HASH_FUNC_SHA1:
PHP_SHA1Final(digest, &sha1_context);
break;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
case PS_HASH_FUNC_OTHER:
PS(hash_ops)->hash_final(digest, hash_context);
efree(hash_context);
break;
#endif /* HAVE_HASH_EXT */
}
if (PS(hash_bits_per_character) < 4
|| PS(hash_bits_per_character) > 6) {
PS(hash_bits_per_character) = 4;
php_error_docref(NULL, E_WARNING, "The ini setting hash_bits_per_character is out of range (should be 4, 5, or 6) - using 4 for now");
}
outid = zend_string_alloc((digest_len + 2) * ((8.0f / PS(hash_bits_per_character) + 0.5)), 0);
ZSTR_LEN(outid) = (size_t)(bin_to_readable((char *)digest, digest_len, ZSTR_VAL(outid), (char)PS(hash_bits_per_character)) - (char *)&ZSTR_VAL(outid));
efree(digest);
outid = zend_string_alloc(PS(sid_length), 0);
ZSTR_LEN(outid) = bin_to_readable(rbuf, PS(sid_length), ZSTR_VAL(outid), (char)PS(sid_bits_per_character));
return outid;
}
@ -476,7 +344,7 @@ PHPAPI int php_session_valid_key(const char *key) /* {{{ */
/* Somewhat arbitrary length limit here, but should be way more than
anyone needs and avoids file-level warnings later on if we exceed MAX_PATH */
if (len == 0 || len > 128) {
if (len == 0 || len > PS_MAX_SID_LENGTH) {
ret = FAILURE;
}
@ -773,55 +641,43 @@ static PHP_INI_MH(OnUpdateName) /* {{{ */
}
/* }}} */
static PHP_INI_MH(OnUpdateHashFunc) /* {{{ */
static PHP_INI_MH(OnUpdateSidLength) /* {{{ */
{
zend_long val;
char *endptr = NULL;
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH)
PS(hash_ops) = NULL;
#endif
val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10);
if (endptr && (*endptr == '\0')) {
if (endptr && (*endptr == '\0')
&& val >= 22 && val <= PS_MAX_SID_LENGTH) {
/* Numeric value */
PS(hash_func) = val ? 1 : 0;
PS(sid_length) = val;
return SUCCESS;
}
if (ZSTR_LEN(new_value) == (sizeof("md5") - 1) &&
strncasecmp(ZSTR_VAL(new_value), "md5", sizeof("md5") - 1) == 0) {
PS(hash_func) = PS_HASH_FUNC_MD5;
return SUCCESS;
}
if (ZSTR_LEN(new_value) == (sizeof("sha1") - 1) &&
strncasecmp(ZSTR_VAL(new_value), "sha1", sizeof("sha1") - 1) == 0) {
PS(hash_func) = PS_HASH_FUNC_SHA1;
return SUCCESS;
}
#if defined(HAVE_HASH_EXT) && !defined(COMPILE_DL_HASH) /* {{{ */
{
php_hash_ops *ops = (php_hash_ops*)php_hash_fetch_ops(ZSTR_VAL(new_value), ZSTR_LEN(new_value));
if (ops) {
PS(hash_func) = PS_HASH_FUNC_OTHER;
PS(hash_ops) = ops;
return SUCCESS;
}
}
#endif /* HAVE_HASH_EXT }}} */
php_error_docref(NULL, E_WARNING, "session.configuration 'session.hash_function' must be existing hash function. %s does not exist.", ZSTR_VAL(new_value));
php_error_docref(NULL, E_WARNING, "session.configuration 'session.sid_length' must be between 22 and 256.");
return FAILURE;
}
/* }}} */
static PHP_INI_MH(OnUpdateSidBits) /* {{{ */
{
zend_long val;
char *endptr = NULL;
val = ZEND_STRTOL(ZSTR_VAL(new_value), &endptr, 10);
if (endptr && (*endptr == '\0')
&& val >= 4 && val <=6) {
/* Numeric value */
PS(sid_bits_per_character) = val;
return SUCCESS;
}
php_error_docref(NULL, E_WARNING, "session.configuration 'session.sid_bits' must be between 4 and 6.");
return FAILURE;
}
/* }}} */
static PHP_INI_MH(OnUpdateRfc1867Freq) /* {{{ */
{
int tmp;
@ -862,21 +718,11 @@ PHP_INI_BEGIN()
STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
STD_PHP_INI_BOOLEAN("session.use_strict_mode", "0", PHP_INI_ALL, OnUpdateBool, use_strict_mode, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
#if HAVE_DEV_URANDOM
STD_PHP_INI_ENTRY("session.entropy_file", "/dev/urandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_length", "32", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
#elif HAVE_DEV_ARANDOM
STD_PHP_INI_ENTRY("session.entropy_file", "/dev/arandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_length", "32", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
#else
STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
#endif
STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals)
STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateLong, cache_expire, php_ps_globals, ps_globals)
PHP_INI_ENTRY("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid)
PHP_INI_ENTRY("session.hash_function", "0", PHP_INI_ALL, OnUpdateHashFunc)
STD_PHP_INI_ENTRY("session.hash_bits_per_character", "4", PHP_INI_ALL, OnUpdateLong, hash_bits_per_character, php_ps_globals, ps_globals)
PHP_INI_ENTRY("session.sid_length", "32", PHP_INI_ALL, OnUpdateSidLength)
PHP_INI_ENTRY("session.sid_bits_per_character", "4", PHP_INI_ALL, OnUpdateSidBits)
STD_PHP_INI_BOOLEAN("session.lazy_write", "1", PHP_INI_ALL, OnUpdateBool, lazy_write, php_ps_globals, ps_globals)
/* Upload progress */

4
ext/session/tests/bug68063.phpt
View File

@ -4,8 +4,8 @@ Bug #68063 (Empty session IDs do still start sessions)
<?php include('skipif.inc'); ?>
--INI--
session.use_strict_mode=0
session.hash_function=1
session.hash_bits_per_character=4
session.sid_length=40
session.sid_bits_per_character=4
--FILE--
<?php
// Empty session ID may happen by browser bugs

32
ext/session/tests/bug71186.phpt
View File

@ -1,32 +0,0 @@
--TEST--
Bug #71186 session.hash_function - algorithm changes
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.hash_function=sha512
session.save_handler=files
--FILE--
<?php
ob_start();
ini_set('session.use_strict_mode', 1);
session_start();
$orig = session_id();
session_regenerate_id();
$new = session_id();
var_dump(strlen($orig),strlen($new));
session_commit();
ini_set('session.hash_function','sha1');
session_id('invalid');
session_start();
$orig = session_id();
session_regenerate_id();
$new = session_id();
var_dump(strlen($orig),strlen($new));
?>
--EXPECT--
int(128)
int(128)
int(40)
int(40)

1
ext/session/tests/rfc1867_sid_invalid.phpt
View File

@ -9,6 +9,7 @@ session.save_path=
session.name=PHPSESSID
session.use_cookies=1
session.use_only_cookies=0
session.use_strict_mode=0
session.auto_start=0
session.upload_progress.enabled=1
session.upload_progress.cleanup=0

52
ext/session/tests/session_hash_function_basic.phpt
View File

@ -1,52 +0,0 @@
--TEST--
Test session.hash_function ini setting : basic functionality
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.hash_bits_per_character=4
--FILE--
<?php
ob_start();
echo "*** Testing session.hash_function : basic functionality ***\n";
var_dump(ini_set('session.hash_function', 'md5'));
var_dump(session_start());
var_dump(!empty(session_id()), session_id());
var_dump(session_destroy());
var_dump(ini_set('session.hash_function', 'sha1'));
var_dump(session_start());
var_dump(!empty(session_id()), session_id());
var_dump(session_destroy());
var_dump(ini_set('session.hash_function', 'none')); // Should fail
var_dump(session_start());
var_dump(!empty(session_id()), session_id());
var_dump(session_destroy());
echo "Done";
ob_end_flush();
?>
--EXPECTF--
*** Testing session.hash_function : basic functionality ***
string(1) "0"
bool(true)
bool(true)
string(32) "%s"
bool(true)
string(3) "md5"
bool(true)
bool(true)
string(40) "%s"
bool(true)
Warning: ini_set(): session.configuration 'session.hash_function' must be existing hash function. none does not exist. in %s%esession_hash_function_basic.php on line 17
bool(false)
bool(true)
bool(true)
string(40) "%s"
bool(true)
Done

38
ext/session/tests/session_id_basic2.phpt Normal file
View File

@ -0,0 +1,38 @@
--TEST--
Test session_id() function : basic functionality
--SKIPIF--
<?php include('skipif.inc'); ?>
--FILE--
<?php
ob_start();
/*
* Prototype : string session_id([string $id])
* Description : Get and/or set the current session id
* Source code : ext/session/session.c
*/
echo "*** Testing session_id() : basic functionality ***\n";
ini_set('session.sid_bits_per_chracter', 6);
ini_set('session.sid_length', 240);
session_start();
var_dump(session_id());
session_commit();
ini_set('session.sid_bits_per_chracter', 4);
ini_set('session.sid_length', 22);
session_start();
session_regenerate_id();
var_dump(session_id());
session_commit();
echo "Done";
?>
--EXPECTF--
*** Testing session_id() : basic functionality ***
string(240) "%s"
string(22) "%s"
Done

37
ext/session/tests/session_id_error4.phpt
View File

@ -1,37 +0,0 @@
--TEST--
Test session_id() function : error functionality
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.hash_function=0
session.hash_bits_per_character=4
--FILE--
<?php
ob_start();
/*
* Prototype : string session_id([string $id])
* Description : Get and/or set the current session id
* Source code : ext/session/session.c
*/
echo "*** Testing session_id() : error functionality ***\n";
var_dump(ini_set("session.hash_function", -1));
var_dump(session_id());
var_dump(session_start());
var_dump(session_id());
var_dump(session_destroy());
echo "Done";
ob_end_flush();
?>
--EXPECTF--
*** Testing session_id() : error functionality ***
string(1) "0"
string(0) ""
bool(true)
string(40) "%s"
bool(true)
Done

48
ext/session/tests/session_id_variation1.phpt
View File

@ -1,48 +0,0 @@
--TEST--
Test session_id() function : variation
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.hash_function=0
--FILE--
<?php
ob_start();
/*
* Prototype : string session_id([string $id])
* Description : Get and/or set the current session id
* Source code : ext/session/session.c
*/
echo "*** Testing session_id() : variation ***\n";
var_dump(ini_set("session.hash_function", 0));
var_dump(session_id());
var_dump(session_start());
var_dump(session_id());
var_dump(session_destroy());
var_dump(ini_set("session.hash_function", 1));
var_dump(session_id());
var_dump(session_start());
var_dump(session_id());
var_dump(session_destroy());
echo "Done";
ob_end_flush();
?>
--EXPECTF--
*** Testing session_id() : variation ***
string(1) "0"
string(0) ""
bool(true)
string(%d) "%s"
bool(true)
string(1) "0"
string(0) ""
bool(true)
string(%d) "%s"
bool(true)
Done

61
ext/session/tests/session_id_variation2.phpt
View File

@ -1,61 +0,0 @@
--TEST--
Test session_id() function : variation
--SKIPIF--
<?php include('skipif.inc'); ?>
--INI--
session.hash_function=0
session.entropy_file=
session.entropy_length=0
--FILE--
<?php
ob_start();
/*
* Prototype : string session_id([string $id])
* Description : Get and/or set the current session id
* Source code : ext/session/session.c
*/
echo "*** Testing session_id() : variation ***\n";
$directory = dirname(__FILE__);
$filename = ($directory."/entropy.txt");
var_dump(ini_set("session.entropy_file", $filename));
var_dump(file_put_contents($filename, "Hello World!"));
var_dump(ini_set("session.entropy_length", filesize($filename)));
var_dump(ini_set("session.hash_function", 0));
var_dump(session_id());
var_dump(session_start());
var_dump(session_id());
var_dump(session_destroy());
var_dump(ini_set("session.hash_function", 1));
var_dump(session_id());
var_dump(session_start());
var_dump(session_id());
var_dump(session_destroy());
var_dump(unlink($filename));
echo "Done";
ob_end_flush();
?>
--EXPECTF--
*** Testing session_id() : variation ***
string(0) ""
int(12)
string(1) "0"
string(1) "0"
string(0) ""
bool(true)
string(%d) "%s"
bool(true)
string(1) "0"
string(0) ""
bool(true)
string(%d) "%s"
bool(true)
bool(true)
Done

1
ext/session/tests/session_set_save_handler_variation6.phpt
View File

@ -1,6 +1,7 @@
--TEST--
Test session_set_save_handler() function : test lazy_write
--INI--
session.use_strict_mode=0
session.lazy_write=1
session.save_path=
session.name=PHPSESSID

36
php.ini-development
View File

@ -143,7 +143,7 @@
; Development Value: 1000
; Production Value: 1000
; session.hash_bits_per_character
; session.sid_bits_per_character
; Default Value: 4
; Development Value: 5
; Production Value: 5
@ -1411,19 +1411,6 @@ session.gc_maxlifetime = 1440
; http://php.net/session.referer-check
session.referer_check =
; How many bytes to read from the file.
; http://php.net/session.entropy-length
;session.entropy_length = 32
; Specified here to create the session id.
; http://php.net/session.entropy-file
; Defaults to /dev/urandom
; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
; If neither are found at compile time, the default is no entropy file.
; On windows, setting the entropy_length setting will activate the
; Windows random source (using the CryptoAPI)
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
@ -1445,6 +1432,15 @@ session.cache_expire = 180
; http://php.net/session.use-trans-sid
session.use_trans_sid = 0
; Set session ID character length. This value could be between 22 to 256.
; Shorter length than default is supported only for compatibility reason.
; Users should use 32 or more chars.
; http://php.net/session.sid_length
; Default Value: 32
; Development Value: 26
; Production Value: 26
session.sid_length = 26
; The URL rewriter will look for URLs in a defined set of HTML tags.
; <form> is special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
@ -1470,16 +1466,6 @@ session.trans_sid_tags = "a=href,area=href,frame=src,form="
; Production Value: ""
;session.trans_sid_hosts=""
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
; function.
; http://php.net/session.hash-function
session.hash_function = 0
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
@ -1490,7 +1476,7 @@ session.hash_function = 0
; Development Value: 5
; Production Value: 5
; http://php.net/session.hash-bits-per-character
session.hash_bits_per_character = 5
session.sid_bits_per_character = 5
; Enable upload progress tracking in $_SESSION
; Default Value: On

36
php.ini-production
View File

@ -143,7 +143,7 @@
; Development Value: 1000
; Production Value: 1000
; session.hash_bits_per_character
; session.sid_bits_per_character
; Default Value: 4
; Development Value: 5
; Production Value: 5
@ -1411,19 +1411,6 @@ session.gc_maxlifetime = 1440
; http://php.net/session.referer-check
session.referer_check =
; How many bytes to read from the file.
; http://php.net/session.entropy-length
;session.entropy_length = 32
; Specified here to create the session id.
; http://php.net/session.entropy-file
; Defaults to /dev/urandom
; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
; If neither are found at compile time, the default is no entropy file.
; On windows, setting the entropy_length setting will activate the
; Windows random source (using the CryptoAPI)
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
@ -1445,6 +1432,15 @@ session.cache_expire = 180
; http://php.net/session.use-trans-sid
session.use_trans_sid = 0
; Set session ID character length. This value could be between 22 to 256.
; Shorter length than default is supported only for compatibility reason.
; Users should use 32 or more chars.
; http://php.net/session.sid_length
; Default Value: 32
; Development Value: 26
; Production Value: 26
session.sid_length = 26
; The URL rewriter will look for URLs in a defined set of HTML tags.
; <form> is special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
@ -1470,16 +1466,6 @@ session.trans_sid_tags = "a=href,area=href,frame=src,form="
; Production Value: ""
;session.trans_sid_hosts=""
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
; function.
; http://php.net/session.hash-function
session.hash_function = 0
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
@ -1490,7 +1476,7 @@ session.hash_function = 0
; Development Value: 5
; Production Value: 5
; http://php.net/session.hash-bits-per-character
session.hash_bits_per_character = 5
session.sid_bits_per_character = 5
; Enable upload progress tracking in $_SESSION
; Default Value: On