From 1416aaf1343a7d2122a099a5e6feb1f847621f2d Mon Sep 17 00:00:00 2001
From: David Hicks
Date: Sat, 25 Dec 2010 20:20:45 +1100
Subject: [PATCH] Issue #11738: Deprecate $g_session_key configuration option

We don't need to use a unique 'session_key' configuration option anymore as we can just derive a unique key from $g_crypto_master_salt.
---
 config_defaults_inc.php | 7 -------
 core/obsolete.php | 1 +
 core/session_api.php | 2 +-
 3 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index 52d09b20a8..043f73cda8 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -234,13 +234,6 @@
 */
 $g_session_handler = 'php';
-/**
- * Session key name. Should be unique between multiple installations to prevent
- * conflicts.
- * @global string $g_session_key
- */
-$g_session_key = 'MantisBT';
-
 /**
 * Session save path. If false, uses default value as set by session handler.
 * @global bool $g_session_save_path
diff --git a/core/obsolete.php b/core/obsolete.php
index 3ffa934060..28c9de2a0b 100644
--- a/core/obsolete.php
+++ b/core/obsolete.php
@@ -155,3 +155,4 @@
 config_obsolete( 'show_queries_threshold', 'show_log_threshold' );
 config_obsolete( 'show_queries_list' );
 config_obsolete( 'administrator_email', 'webmaster_email' );
+config_obsolete( 'session_key' );
diff --git a/core/session_api.php b/core/session_api.php
index f4cfbcbf73..efcd015a21 100644
--- a/core/session_api.php
+++ b/core/session_api.php
@@ -102,7 +102,7 @@ function __construct( $p_session_id=null ) {
 global $g_cookie_secure_flag_enabled;
 global $g_cookie_httponly_flag_enabled;
- $this->key = config_get_global( 'session_key' );
+ $this->key = hash( 'whirlpool', 'session_key' . config_get_global( 'crypto_master_salt' ), true );
 # Save session information where specified or with PHP's default
 $t_session_save_path = config_get_global( 'session_save_path' );
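Review bot: In core/session_api.php the new `$this->key` is built with `hash( ..., true )`, so it is 64 bytes of raw binary rather than a printable string like the old 'MantisBT' default. How the key is consumed is outside this hunk (the constructor continues past it), but if it is used as an index into `$_SESSION`, PHP's default `php` serialize handler cannot store names containing `|` or `!`, and a raw digest will contain one of those bytes for a sizeable share of salts, which would make session data fail to persist on those installations. Hex output avoids that: `$this->key = hash( 'whirlpool', 'session_key' . config_get_global( 'crypto_master_salt' ), false );`. It is also worth confirming that `crypto_master_salt` is checked for being non-empty before this constructor runs, since an empty salt gives every installation the same key, which is the conflict the removed option's comment warned about.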