Source for file use_trans_sid.php


  1. <?php
  2. /**
  3. * Test class for session use_trans_sid
  4. *
  5. * @package PhpSecInfo
  6. * @author Ed Finkler <coj@funkatron.com>
  7. */
  8.  
  9.  
  10. /**
  11. * require the PhpSecInfo_Test_Session class
  12. */
  13. require_once('PhpSecInfo/Test/Test_Session.php');
  14.  
  15. /**
  16. * Test class for session use_trans_sid
  17. *
  18. * @package PhpSecInfo
  19. * @author Ed Finkler <coj@funkatron.com>
  20. */
  21. class PhpSecInfo_Test_Session_Use_Trans_Sid extends PhpSecInfo_Test_Session
  22. {
  23.  
  24. /**
  25. * This should be a <b>unique</b>, human-readable identifier for this test
  26. *
  27. * @var string
  28. */
  29. var $test_name = "use_trans_sid";
  30.  
  31.  
  32. var $recommended_value = FALSE;
  33.  
  34.  
  35. function _retrieveCurrentValue() {
  36. $this->current_value = $this->getBooleanIniValue('session.use_trans_sid');
  37. }
  38.  
  39.  
  40. /**
  41. * Checks to see if allow_url_fopen is enabled
  42. *
  43. */
  44. function _execTest() {
  45. if ($this->current_value == $this->recommended_value) {
  46. return PHPSECINFO_TEST_RESULT_OK;
  47. }
  48.  
  49. return PHPSECINFO_TEST_RESULT_NOTICE;
  50. }
  51.  
  52.  
  53. /**
  54. * Set the messages specific to this test
  55. *
  56. */
  57. function _setMessages() {
  58. parent::_setMessages();
  59.  
  60. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'use_trans_sid is disabled, which is the recommended setting');
  61. $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'use_trans_sid is enabled. This makes session hijacking easier. Consider disabling this feature');
  62.  
  63. }
  64.  
  65.  
  66. }
