$_SESSION sharing among multiple php apps served from same website #945

Closed
robocoder opened this Issue · 1 comment


@robocoder
Collaborator

Session conflicts may arise.

Suggested remedies:

  • add Piwik_ prefix to session namespaces
  • set session name (default is PHPSESSID; ZF sets it to ZFSESSION); what if user has set it in .htaccess?
  • regenerate session ID at login/logout

@robocoder
Collaborator

In [1460], fixes #945 - Piwik sets the session.name to 'PIWIK_SESSID'; define('PIWIK_SESSION_NAME', ...) in bootstrap.php to override; session namespaces now prefixed by Piwik_. We regenerate session ID at login/logout to mitigate session fixation attacks.

@robocoder robocoder added this to the Piwik 0.4.4 milestone
@robocoder robocoder self-assigned this
This issue was closed.
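The remedies from this thread in one place, as an added PHP sketch rather than Piwik's own code: the `PIWIK_SESSION_NAME` constant, the `PIWIK_SESSID` default and the `Piwik_` prefix come from the comment above, while the `app_*` function names, the `Auth` namespace and the user name are assumptions made for illustration.

```php
<?php
// Added example, not Piwik's code; the app_* helpers are hypothetical.
// Define PIWIK_SESSION_NAME earlier (e.g. in bootstrap.php) to override.
if (!defined('PIWIK_SESSION_NAME')) {
    define('PIWIK_SESSION_NAME', 'PIWIK_SESSID');
}
const SESSION_NS_PREFIX = 'Piwik_';

function app_session_start(): void {
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // An app-specific cookie name keeps this app from adopting the
    // PHPSESSID (or ZFSESSION) session of another app on the same site.
    session_name(PIWIK_SESSION_NAME);
    session_start();
}

// Reference to this app's own bucket in $_SESSION, so its keys cannot
// collide with another app's keys even if a session is shared.
function &app_session_ns(string $name): array {
    $key = SESSION_NS_PREFIX . $name;
    if (!isset($_SESSION[$key]) || !is_array($_SESSION[$key])) {
        $_SESSION[$key] = [];
    }
    return $_SESSION[$key];
}

function app_login(string $user): void {
    app_session_start();
    // New ID at the privilege change; `true` deletes the old session, so
    // an ID fixed by an attacker before login is useless afterwards.
    session_regenerate_id(true);
    $auth = &app_session_ns('Auth');
    $auth['user'] = $user;
}

function app_logout(): void {
    app_session_start();
    foreach (array_keys($_SESSION) as $key) {
        if (strpos($key, SESSION_NS_PREFIX) === 0) {
            unset($_SESSION[$key]);   // drop only this app's namespaces
        }
    }
    session_regenerate_id(true);
}

if (PHP_SAPI === 'cli') {             // offline demo with a constructed user
    app_session_start();  $before = session_id();
    app_login('alice');   $after  = session_id();
    app_logout();
    printf("%s: ID changed at login: %s\n", session_name(), $before !== $after ? 'yes' : 'no');
}
```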