From 16d4ad60320f96de6807a3826f3d2e99018b9272 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Thu, 30 Aug 2007 15:35:50 +0000
Subject: Remove default secret and require applications to set one
---
 it_session.class | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'it_session.class')
diff --git a/it_session.class b/it_session.class
index afc5a38..34ed379 100644
--- a/it_session.class
+++ b/it_session.class
@@ -8,7 +8,6 @@
 define('_IT_SESSION_COOKIE', 'SESSION');
 define('_IT_SESSION_COOKIE_EXPIRY', 0);
 define('_IT_SESSION_LIFETIME', 3600);
-define('_IT_SESSION_SECRET', 'Kh234aH2!34hk22#4eJK@L231');
 
 class it_session
 {
@@ -30,7 +29,6 @@ function it_session()
 {
 $this->cookiename = _IT_SESSION_COOKIE;
 $this->lifetime = _IT_SESSION_LIFETIME;
- $this->secret = _IT_SESSION_SECRET;
 /*
 * NOTE: Does not work with dynamic IPs (dialup with low timeout,
 * load balanced Proxies and maybe more weird stuff).
@@ -79,6 +77,9 @@ function set_secret($secret)
 
 function init()
 {
+ if (empty($this->secret))
+ it::fatal('it_session requires secret to be set');
+
 /* Got a cookie? */
 if ($this->hascookies = isset($_COOKIE[$this->cookiename]))
 $this->cookie = $_COOKIE[$this->cookiename];
-- 
cgit v1.2.3
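Review bot: The guard added at the top of init() rejects only an empty secret, so a one-character value, or the former `_IT_SESSION_SECRET` default that remains readable in the repository history, still passes it. How the secret is used lies outside this hunk, but if it authenticates the session cookie, as seems likely, the condition could be tightened to something like `if (empty($this->secret) || strlen($this->secret) < 16)` (threshold to be chosen by the project) and could also refuse the old default value. Deployments that relied on the default should set a fresh secret rather than copy the old one. The check also depends on it::fatal() ending the request; if it can return, init() would continue without a secret, so that is worth confirming. init()'s body continues past the end of the hunk.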