1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Turn on use_cookies on admin panels PHP

Discussion in 'Plesk for Linux - 8.x and Older' started by jadent, May 9, 2008.

  1. jadent

    jadent Guest

    0
     
    How to turn on PHP's session.use_cookies on the admin panel's PHP version? You can set it in the master value in /usr/local/psa/admin/conf/php.ini but the local value is set to "Off" and i cannot find where it sets it to off (it is possible they do it in the code as well). Does anyone know?

    Having it off violates PCI compliance
     
  2. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    if having it turned on violates compliance, why would you want to turn it on?
     
  3. jadent

    jadent Guest

    0
     
    Sorry the last statement should be "Having it off...". Having it off violates compliance as then it will use the query string which is even easier to hack. Having it turned on makes it a little more difficult and PCI compliance demands that is on.
     
  4. Amin Taheri

    Amin Taheri Golden Pleskian Plesk Certified Professional

    33
     
    Joined:
    Jul 5, 2007
    Messages:
    1,398
    Likes Received:
    1
    Location:
    Seattle Area
    Gotcha - thanks :)

    I took a quick look at my setup:

    Code:
    grep 'use_cookies' /usr/local/psa/admin/conf/*
    
    php.ini:session.use_cookies = 1
    php.ini.def:session.use_cookies = 1
    
    Is that what you have too ?
     
  5. jadent

    jadent Guest

    0
     
    Yep. But if you put a phpinfo in the admin application you will see

    Local Value as 'Off' and Master Value as 'On'

    Meaning its being overridden somewhere else. Maybe in a apache conf file, .htaccess or the PHP code . There is an encoded .htaccess.swp file in the /usr/local/psa/admin/htdocs directory.
     
Loading...