|
|
|
|
|
|
|
|
Proposed code change for potentially more unique sysid |
Tue, 14 January 2014 10:08 |
|
Hi, this is my first proposed change, so please let me know if I'm not following the right procedure (I've read the SVN docs on the wiki site).
We were experiencing session collisions for new logins, as the ses_make_sysid() function was not generating unique enough identifiers. We are using basic authentication on our server, so I'm proposing to add REMOTE_USER to the set of environment variables used to uniquely identify the client browser. For installs where basic authentication is not used, this addition will have no impact.
Below is the change...please review and let me know if I can apply for commit access in SourceForge.
--- cookies.inc.t-orig 2014-01-14 09:57:48.986943684 -0500
+++ cookies.inc.t 2014-01-14 09:58:06.153061812 -0500
@@ -15,7 +15,7 @@
return;
}
- $keys = array('HTTP_USER_AGENT', 'SERVER_PROTOCOL', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_LANGUAGE');
+ $keys = array('REMOTE_USER', 'HTTP_USER_AGENT', 'SERVER_PROTOCOL', 'HTTP_ACCEPT_CHARSET', 'HTTP_ACCEPT_LANGUAGE');
if ($GLOBALS['FUD_OPT_3'] & 16) { // SESSION_IP_CHECK
$keys[] = 'HTTP_X_FORWARDED_FOR';
$keys[] = 'REMOTE_ADDR';
|
|