SMF Development > Bug Reports

SMF isn't obeying session.use_only_cookies. Why?!

(1/1)

neothemachine:
Hi guys,

File "Load.php", line 2330:


--- Code: ---@ini_set('session.use_only_cookies', false);
--- End code ---

Why the hell are you doing that? If the site owner decides that he wants maximum security then he might also decide to set session.use_only_cookies = 1 which is by the way the default since PHP 5.3.3. So why is SMF overriding this setting?

Arantor:
Because back in 2003-4 when it was first written there were a lot of people still rejecting cookies.

Won't be changed in SMF 2.0, might be in 2.1 but somehow I doubt it especially given all the stuff going on in the EU about not accepting cookies by default...

Navigation

[0] Message Index