Remove default secret and require applications to set one

author: Christian Schneider 2007-08-30 15:35:50 +0000
committer: Christian Schneider 2007-08-30 15:35:50 +0000
commit: 16d4ad60320f96de6807a3826f3d2e99018b9272 (patch)
tree: 6067f84e03fe58a81be8df46ffc956fa5611b8e4
parent: 7722bd06a2797d06529d21fc939cd84ae98361fe (diff)
download: itools-16d4ad60320f96de6807a3826f3d2e99018b9272.tar.gz
itools-16d4ad60320f96de6807a3826f3d2e99018b9272.tar.bz2
itools-16d4ad60320f96de6807a3826f3d2e99018b9272.zip
1 files changed, 3 insertions, 2 deletions
diff --git a/it_session.class b/it_session.class
index afc5a38..34ed379 100644
--- a/it_session.class
+++ b/it_session.class
@@ -8,7 +8,6 @@
 define('_IT_SESSION_COOKIE', 'SESSION');
 define('_IT_SESSION_COOKIE_EXPIRY', 0);
 define('_IT_SESSION_LIFETIME', 3600);
-define('_IT_SESSION_SECRET', 'Kh234aH2!34hk22#4eJK@L231');
 
 class it_session
 {
@@ -30,7 +29,6 @@ function it_session()
 {
 	$this->cookiename = _IT_SESSION_COOKIE;
 	$this->lifetime = _IT_SESSION_LIFETIME;
-	$this->secret = _IT_SESSION_SECRET;
 /*
  * NOTE: Does not work with dynamic IPs (dialup with low timeout,
  * load balanced Proxies and maybe more weird stuff).
@@ -79,6 +77,9 @@ function set_secret($secret)
 
 function init()
 {
+	if (empty($this->secret))
+		it::fatal('it_session requires secret to be set');
+
 	/* Got a cookie? */
 	if ($this->hascookies = isset($_COOKIE[$this->cookiename]))
 		$this->cookie = $_COOKIE[$this->cookiename];
author	Christian Schneider	2007-08-30 15:35:50 +0000
committer	Christian Schneider	2007-08-30 15:35:50 +0000
commit	16d4ad60320f96de6807a3826f3d2e99018b9272 (patch)
tree	6067f84e03fe58a81be8df46ffc956fa5611b8e4
parent	7722bd06a2797d06529d21fc939cd84ae98361fe (diff)
download	itools-16d4ad60320f96de6807a3826f3d2e99018b9272.tar.gz itools-16d4ad60320f96de6807a3826f3d2e99018b9272.tar.bz2 itools-16d4ad60320f96de6807a3826f3d2e99018b9272.zip