

$_SESSION sharing among multiple php apps served from same website #945

robocoder opened this Issue · 1 comment



Session conflicts may arise.

Suggested remedies:

  • add Piwik_ prefix to session namespaces
  • set session name (default is PHPSESSID; ZF sets it to ZFSESSION); what if user has set it in .htaccess?
  • regenerate session ID at login/logout

In [1460], fixes #945 - Piwik sets the session name to 'PIWIK_SESSID'; define('PIWIK_SESSION_NAME', ...) in bootstrap.php to override; session namespaces now prefixed by Piwik_. We regenerate session ID at login/logout to mitigate session fixation attacks.

@robocoder robocoder added this to the Piwik 0.4.4 milestone
@robocoder robocoder self-assigned this
This issue was closed.
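
The three remedies from this issue combined in plain PHP, as an added example that is not Piwik's code: the helper function names and the `Auth` namespace are hypothetical, while `PIWIK_SESSION_NAME`, `PIWIK_SESSID` and the `Piwik_` prefix are taken from the comment above.

```php
<?php
// Added illustration, not Piwik's implementation. Helper names are hypothetical.

// Allow an override from the bootstrap, as the fix describes.
if (!defined('PIWIK_SESSION_NAME')) {
    define('PIWIK_SESSION_NAME', 'PIWIK_SESSID');
}

const SESSION_NS_PREFIX = 'Piwik_';

function app_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // Dedicated cookie name: the app stops sharing the default PHPSESSID
    // cookie (and its $_SESSION data) with other PHP apps on the same site.
    session_name(PIWIK_SESSION_NAME);
    session_start();
}

// Returns a reference to a prefixed sub-array of $_SESSION so that keys
// cannot collide with another app's keys if a session is still shared.
function &app_session_namespace(string $name): array
{
    $key = SESSION_NS_PREFIX . $name;
    if (!isset($_SESSION[$key]) || !is_array($_SESSION[$key])) {
        $_SESSION[$key] = [];
    }
    return $_SESSION[$key];
}

function app_login(string $login): void
{
    app_session_start();
    // Issue a new ID and delete the old session record, so an ID that was
    // fixed in the browser before authentication never becomes privileged.
    session_regenerate_id(true);
    $auth = &app_session_namespace('Auth');
    $auth['login'] = $login;
}

function app_logout(): void
{
    app_session_start();
    unset($_SESSION[SESSION_NS_PREFIX . 'Auth']);
    // Rotate again so the authenticated ID is not reused after logout.
    session_regenerate_id(true);
}
```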