Re: [phpGroupWare-developers] list sessions

phpgroupware-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [phpGroupWare-developers] list sessions

From:	Dave Hall
Subject:	Re: [phpGroupWare-developers] list sessions
Date:	Mon, 14 Jul 2008 23:05:48 +1000

On Sun, 2008-07-13 at 23:14 +0200, Sigurd Nes wrote:
> Hi all,
> 
> The new session handler in trunk have all necessary meta-data about the 
> session
> embedded in the session itself.
> 
> If suhosin - the Hardened-PHP Project is enabled - the session data is 
> encrypted
> and the list sessions feature can not be used.
> 
> I think the list session is useful for tracking users in case of remote 
> problem
> solving.
> 
> How about re-enabling the meta information un-encrypted outside the session 
> data
> so it is available to the list session ?
> 
> This also affects the count of current users.

Security always comes at a cost.

If people really need this functionality it can be documented and those
users can either disable suhosin or use db sessions.  I fail to see what
benefit it brings for the overhead involved.

btw you can get the current session count by using a unique path for
storing the session files.

Cheers

Dave

[Prev in Thread]

Current Thread

[Next in Thread]

[phpGroupWare-developers] list sessions, Sigurd Nes, 2008/07/13
- Re: [phpGroupWare-developers] list sessions, Dave Hall <=
  - Re: [phpGroupWare-developers] list sessions, Sigurd Nes, 2008/07/14

Prev by Date: [phpGroupWare-developers] list sessions
Next by Date: Re: [phpGroupWare-developers] list sessions
Previous by thread: [phpGroupWare-developers] list sessions
Next by thread: Re: [phpGroupWare-developers] list sessions
Index(es):
- Date
- Thread