'en-iso-8859-1', 'AllowAnywhereRecoding' => false); // Loads the language file require_once('./libraries/select_lang.lib.php'); // Displays the error message // (do not use & for parameters sent by header) header('Location: error.php' . '?lang=' . urlencode($available_languages[$lang][2]) . '&char=' . urlencode($charset) . '&dir=' . urlencode($text_dir) . '&type=' . urlencode($strError) . '&error=' . urlencode(sprintf($strCantLoad, 'session'))); exit(); } elseif (ini_get('session.auto_start') == true && session_name() != 'phpMyAdmin') { /* $cfg = array('DefaultLang' => 'en-iso-8859-1', 'AllowAnywhereRecoding' => false); // Loads the language file require_once('./libraries/select_lang.lib.php'); // Displays the error message // (do not use & for parameters sent by header) // TODO FIXME replace with locale string $strSessionAutostartError = 'phpMyAdmin cannot run with' . ' [a@http://php.net/session#ini.session.auto-start@php]session.auto_start[/a]' . ' enabled. Check your php configuration.'; header('Location: error.php' . '?lang=' . urlencode('en') //($available_languages[$lang][2]) . '&char=' . urlencode($charset) . '&dir=' . urlencode('ltr') //($text_dir) . '&type=' . urlencode('Error') //($strError) . '&error=' . urlencode($strSessionAutostartError)); exit(); */ $_SESSION = array(); if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-42000, '/'); } session_unset(); @session_destroy(); } // disable starting of sessions before all settings are done // does not work, besides how it is written in php manual //ini_set('session.auto_start', 0); // session cookie settings session_set_cookie_params(0, PMA_Config::getCookiePath(), '', PMA_Config::isHttps()); // cookies are safer ini_set('session.use_cookies', true); // but not all user allow cookies ini_set('session.use_only_cookies', false); ini_set('session.use_trans_sid', true); ini_set('url_rewriter.tags', 'a=href,frame=src,input=src,form=fakeentry,fieldset='); //ini_set('arg_separator.output', '&'); // delete session/cookies when browser is closed ini_set('session.cookie_lifetime', 0); // warn but dont work with bug ini_set('session.bug_compat_42', false); ini_set('session.bug_compat_warn', true); // use more secure session ids (with PHP 5) if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') { ini_set('session.hash_function', 1); ini_set('session.hash_bits_per_character', 6); } // start the session // on some servers (for example, sourceforge.net), we get a permission error // on the session data directory, so I add some "@" // [2006-01-25] Nicola Asuni - www.tecnick.com: maybe the PHP directive // session.save_handler is set to another value like "user" ini_set('session.save_handler', 'files'); @session_name('phpMyAdmin'); @session_start(); /** * Token which is used for authenticating access queries. */ if (!isset($_SESSION['PMA_token'])) { $_SESSION['PMA_token'] = md5(uniqid(rand(), true)); } /** * trys to secure session from hijacking and fixation * should be called before login and after successfull login * (only required if sensitive information stored in session) * * @uses session_regenerate_id() to secure session from fixation * @uses session_id() to set new session id * @uses strip_tags() to prevent XSS attacks in SID * @uses function_exists() for session_regenerate_id() */ function PMA_secureSession() { // prevent session fixation and XSS if (function_exists('session_regenerate_id')) { session_regenerate_id(true); } else { session_id(strip_tags(session_id())); } } ?>