- Patch #303154 by c960657: clean-up and better document ini_set() calls in default.settings.php.

dcf75020 · Dries Buytaert · 0bac8dad · dcf75020 · dcf75020
Commit dcf75020 authored Dec 23, 2008 by Dries Buytaert
--- a/includes/bootstrap.inc
+++ b/includes/bootstrap.inc
@@ -403,6 +403,12 @@ function drupal_initialize_variables() {
  ini_set('html_errors', 0);
  // Don't escape quotes when reading files from the database, disk, etc.
  ini_set('magic_quotes_runtime', '0');
+  // Use session cookies, not transparent sessions that puts the session id in
+  // the query string.
+  ini_set('session.use_only_cookies', '1');
+  ini_set('session.use_trans_sid', '1');
+  // Don't send HTTP headers using PHP's session handler.
+  ini_set('session.cache_limiter', 'none');
 }

 /**

--- a/sites/default/default.settings.php
+++ b/sites/default/default.settings.php
@@ -194,17 +194,20 @@
 * See drupal_initialize_variables() in includes/bootstrap.inc for required
 * runtime settings and the .htaccess file for non-runtime settings. Settings
 * defined there should not be duplicated here so as to avoid conflict issues.
+ *
+ * Set session lifetime (in seconds), i.e. the time from the user's last visit
+ * to the active session may be deleted by the session garbage collector. When
+ * a session is deleted, authenticated users are logged out, and the contents
+ * of the user's $_SESSION variable is discarded.
+ */
+ini_set('session.gc_maxlifetime', 200000);
+
+/**
+ * Set session cookie lifetime (in seconds), i.e. the time from the session is
+ * created to the cookie expires, i.e. when the browser is expected to discard
+ * the cookie. The value 0 means "until the browser is closed".
 */
-ini_set('arg_separator.output',     '&amp;');
-ini_set('magic_quotes_sybase',      0);
-ini_set('session.cache_expire',     200000);
-ini_set('session.cache_limiter',    'none');
-ini_set('session.cookie_lifetime',  2000000);
-ini_set('session.gc_maxlifetime',   200000);
-ini_set('session.save_handler',     'user');
-ini_set('session.use_only_cookies', 1);
-ini_set('session.use_trans_sid',    0);
-ini_set('url_rewriter.tags',        '');
+ini_set('session.cookie_lifetime', 2000000);

 /**
 * Drupal automatically generates a unique session cookie name for each site