[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [phpGroupWare-developers] list sessions
From: |
Dave Hall |
Subject: |
Re: [phpGroupWare-developers] list sessions |
Date: |
Mon, 14 Jul 2008 23:05:48 +1000 |
On Sun, 2008-07-13 at 23:14 +0200, Sigurd Nes wrote:
> Hi all,
>
> The new session handler in trunk have all necessary meta-data about the
> session
> embedded in the session itself.
>
> If suhosin - the Hardened-PHP Project is enabled - the session data is
> encrypted
> and the list sessions feature can not be used.
>
> I think the list session is useful for tracking users in case of remote
> problem
> solving.
>
> How about re-enabling the meta information un-encrypted outside the session
> data
> so it is available to the list session ?
>
> This also affects the count of current users.
Security always comes at a cost.
If people really need this functionality it can be documented and those
users can either disable suhosin or use db sessions. I fail to see what
benefit it brings for the overhead involved.
btw you can get the current session count by using a unique path for
storing the session files.
Cheers
Dave