-rw-r--r-- | includes/bootstrap.inc | 6 | ||||
-rw-r--r-- | sites/default/default.settings.php | 23 |
2 files changed, 19 insertions, 10 deletions
diff --git a/includes/bootstrap.inc b/includes/bootstrap.inc
index dbff7eaa1..d94079191 100644
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -403,6 +403,12 @@ function drupal_initialize_variables() {
 ini_set('html_errors', 0);
 // Don't escape quotes when reading files from the database, disk, etc.
 ini_set('magic_quotes_runtime', '0');
+ // Use session cookies, not transparent sessions that puts the session id in
+ // the query string.
+ ini_set('session.use_only_cookies', '1');
+ ini_set('session.use_trans_sid', '1');
+ // Don't send HTTP headers using PHP's session handler.
+ ini_set('session.cache_limiter', 'none');
 }
 
 /**
diff --git a/sites/default/default.settings.php b/sites/default/default.settings.php
index e80435880..bbc62edd6 100644
--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
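Review bot: The added `ini_set('session.use_trans_sid', '1');` turns the transparent-SID setting on, which contradicts the comment directly above it ("Use session cookies, not transparent sessions") and the `0` that this same commit removes from default.settings.php. It should read `ini_set('session.use_trans_sid', '0');`. With `session.use_only_cookies` enabled PHP most likely does not rewrite URLs anyway, but leaving the flag at 1 means that any later override of `use_only_cookies` would put session ids into URLs, and from there into Referer headers, logs and shared links. drupal_initialize_variables() starts outside this hunk, so the settings before `html_errors` are not visible here.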
@@ -194,17 +194,20 @@ $update_free_access = FALSE;
 * See drupal_initialize_variables() in includes/bootstrap.inc for required
 * runtime settings and the .htaccess file for non-runtime settings. Settings
 * defined there should not be duplicated here so as to avoid conflict issues.
+ *
+ * Set session lifetime (in seconds), i.e. the time from the user's last visit
+ * to the active session may be deleted by the session garbage collector. When
+ * a session is deleted, authenticated users are logged out, and the contents
+ * of the user's $_SESSION variable is discarded.
+ */
+ini_set('session.gc_maxlifetime', 200000);
+
+/**
+ * Set session cookie lifetime (in seconds), i.e. the time from the session is
+ * created to the cookie expires, i.e. when the browser is expected to discard
+ * the cookie. The value 0 means "until the browser is closed".
 */
-ini_set('arg_separator.output', '&');
-ini_set('magic_quotes_sybase', 0);
-ini_set('session.cache_expire', 200000);
-ini_set('session.cache_limiter', 'none');
-ini_set('session.cookie_lifetime', 2000000);
-ini_set('session.gc_maxlifetime', 200000);
-ini_set('session.save_handler', 'user');
-ini_set('session.use_only_cookies', 1);
-ini_set('session.use_trans_sid', 0);
-ini_set('url_rewriter.tags', '');
+ini_set('session.cookie_lifetime', 2000000);
 
 /**
 * Drupal automatically generates a unique session cookie name for each site |
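Review bot: Five of the removed settings (`session.save_handler`, `url_rewriter.tags`, `arg_separator.output`, `session.cache_expire`, `magic_quotes_sybase`) are not re-added by the bootstrap.inc hunk of this commit, which only adds three session settings. If drupal_initialize_variables() does not already set them outside the visible context, sites built from this default file silently fall back to their php.ini values, so this is worth confirming, especially for `session.save_handler` and `url_rewriter.tags`. The new doc comments could also state how the two retained values relate: `session.cookie_lifetime` (2000000) is ten times `session.gc_maxlifetime` (200000), so the server-side session may be collected long before the cookie expires. A sentence such as `A shorter cookie lifetime limits how long a copied session cookie stays usable.` would help administrators choose a value.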