You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Some complex scripts can't be embedded into CMSimple_XH (at least not without considerable effort), but they still can be useful. Hitherto, information could be passed to such "stand-alone" scripts easily via the session. This is unfortunately not easy anymore, since 33eaffe introduced named session, and the "stand-alone" script has no easy way to deduce the session name (especially, as this might change in a future version).
Therefore I suggest to store the name of the session in cmsimple/.sessionname, so a "stand-alone" script could read the file, set the session name accordingly and start the session.
The text was updated successfully, but these errors were encountered:
Before introducing the named sessions the session name always has been PHPSESSID. Using named sessions isn't supposed to improve security (but rather to separate the sessions of multiple installations), so there's no issue. Furthermore, in most cases the session name can be easily inferred from the URL (basically it's "XH" + CMSIMPLE_ROOT). Thirdly, direct access to cmsimple/ shouldn't be possible; the info in cmsimple/config.php would be more interesting for an attacker than the name of the session.
Some complex scripts can't be embedded into CMSimple_XH (at least not without considerable effort), but they still can be useful. Hitherto, information could be passed to such "stand-alone" scripts easily via the session. This is unfortunately not easy anymore, since 33eaffe introduced named session, and the "stand-alone" script has no easy way to deduce the session name (especially, as this might change in a future version).
Therefore I suggest to store the name of the session in
cmsimple/.sessionname
, so a "stand-alone" script could read the file, set the session name accordingly and start the session.The text was updated successfully, but these errors were encountered: