Important PHP settings for CMSimple_XH 1.6
Posted: Fri Jan 24, 2014 10:47 pm
Hello Community,
since CMSimple_XH 1.6 the authentication credentials of the site admin are stored in session variables, which basically is a security improvement over the former techniques. However, it is mandatory to keep the session ID secret---otherwise others might be able to easily hijack the admin's session.
You have to make sure that your PHP is configured to have session.use_trans_sid=0 (or Off). You can check that under Settings -> Info -> PHP-Info -> session (what counts is the "local value"). Additionally, you should have session.use_only_cookies=On (or 1).
If that is not so, you may be able to change the respective settings by adding a file .htaccess in the installation folder of CMSimple_XH with the following content (works for Apache webservers only, if at all):
Code:
php_flag session.use_trans_sid off
php_flag session.use_only_cookies on
Otherwise you'll have to contact the server admin to configure these settings for you.
German translation
Christoph
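The check described in the post can also be scripted, which helps to confirm whether the .htaccess lines actually took effect. The following is an added example, not part of the original post or of CMSimple_XH; the file name sessioncheck.php and the helper ini_bool() are hypothetical.

```php
<?php
// sessioncheck.php (hypothetical name): added example, not CMSimple_XH code.
// Place it in the CMSimple_XH installation folder and request it through the
// web server: php_flag lines in .htaccess only apply there, not on the CLI.
// Delete the file again after checking.

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain; charset=utf-8');
}

/**
 * Return the effective ("local") value of a boolean ini setting.
 * Depending on where it was set (php.ini, php_flag, ini_set()),
 * ini_get() may return "1", "0", "", "On" or "Off", so normalise it.
 */
function ini_bool(string $name): ?bool
{
    $raw = ini_get($name);
    if ($raw === false) {
        return null; // setting not known to this PHP build
    }
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

// Values required according to the post.
$required = [
    'session.use_trans_sid'    => false,
    'session.use_only_cookies' => true,
];

$allOk = true;
foreach ($required as $name => $want) {
    $have  = ini_bool($name);
    $pass  = ($have === $want);
    $allOk = $allOk && $pass;
    printf(
        "%-26s local=%-8s required=%-4s %s\n",
        $name,
        $have === null ? 'unknown' : ($have ? 'On' : 'Off'),
        $want ? 'On' : 'Off',
        $pass ? 'OK' : 'NEEDS FIXING'
    );
}

echo $allOk
    ? "Session ID is only accepted from and sent in cookies.\n"
    : "Adjust .htaccess as shown in the post or contact the server admin.\n";
```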