Add additional session checks
enygma opened this issue · 3 comments
enygma commented
Check for valid values of:
- session.entropy_file
- session.entropy_length
- session.use_strict_mode
- session.use_only_cookies
- session.cookie_lifetime
- session.use_trans_sid
- session.hash_function (set to 1)
- session.bug_compat_42 (set to 0)
- session.bug_compat_warn (set to 0)
enygma commented
Should renaming the session cookie (PHPSESSID) be considered? I could see it being a "warning" item, but not a failure.
xsist10 commented
New merge pull #67 for:
- session.hash_function (set to non-broken hashing mechanism)
- session.bug_compat_42 (set to 0)
- session.bug_compat_warn (set to 0)
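The checks listed in the comments above, sketched as an added example that is not part of the thread or the project's own code. `sessionRules()` and `auditSessionIni()` are hypothetical names, and the expected values for directives the thread names without a value (including the 32-byte entropy threshold) are assumptions.

```php
<?php
// Added example: hypothetical rule table and checker, not the project's code.
function sessionRules(): array
{
    $on  = fn(string $v): bool => in_array(strtolower($v), ['1', 'on', 'yes', 'true'], true);
    $off = fn(string $v): bool => in_array(strtolower($v), ['0', 'off', 'no', 'false'], true);
    return [
        // Expected values stated in the thread (hash_function 0 selects MD5).
        'session.hash_function'    => ['FAIL', fn(string $v): bool => !in_array(strtolower($v), ['0', 'md5'], true)],
        'session.bug_compat_42'    => ['FAIL', $off],
        'session.bug_compat_warn'  => ['FAIL', $off],
        // Assumed valid values: the thread lists these directives without values.
        'session.use_strict_mode'  => ['FAIL', $on],
        'session.use_only_cookies' => ['FAIL', $on],
        'session.use_trans_sid'    => ['FAIL', $off],
        'session.cookie_lifetime'  => ['FAIL', fn(string $v): bool => $v === '0'],
        'session.entropy_file'     => ['FAIL', fn(string $v): bool => $v !== ''],
        'session.entropy_length'   => ['FAIL', fn(string $v): bool => ctype_digit($v) && (int)$v >= 32],
        // Default cookie name: a warning rather than a failure, as proposed in the thread.
        'session.name'             => ['WARN', fn(string $v): bool => $v !== 'PHPSESSID'],
    ];
}

function auditSessionIni(string $iniText): array
{
    // INI_SCANNER_RAW keeps values as written ("On" stays "On").
    $ini = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($ini === false) {
        throw new InvalidArgumentException('unparseable ini text');
    }
    $findings = [];
    foreach (sessionRules() as $key => [$severity, $isValid]) {
        if (!array_key_exists($key, $ini)) {
            $findings[$key] = 'MISSING'; // PHP's built-in default applies and varies by version
        } elseif (!$isValid(trim((string) $ini[$key]))) {
            $findings[$key] = $severity;
        }
    }
    return $findings;
}

// Constructed sample input, not taken from a real server.
$sample = <<<'INI'
session.use_strict_mode = 0
session.use_trans_sid = 0
session.hash_function = 0
session.bug_compat_42 = On
session.name = PHPSESSID
INI;
foreach (auditSessionIni($sample) as $key => $status) {
    printf("%-7s %s\n", $status, $key);
}
```

Directives absent from the file are reported as MISSING rather than passed, because the effective value then depends on the PHP version's built-in default.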
sbusch commented