Index: trunk/CHANGELOG =================================================================== --- trunk/CHANGELOG (revision 580) +++ trunk/CHANGELOG (revision 581) @@ -11,7 +11,9 @@ ! = Update/Change ------------------------------------- 2.7.0 ------------------------------------- - + +21-Jan-2008 Thomas Hornik ++ Unique session-identifier for each website baker installation. fixes #354 20-Jan-2008 Christian Sommer # fixed E_NOTICE-warning in save.php when input data was wrong + added the new admin tool email output filter which allows to transform Index: trunk/wb/install/save.php =================================================================== --- trunk/wb/install/save.php (revision 580) +++ trunk/wb/install/save.php (revision 581) @@ -23,12 +23,19 @@ */ -// Start a session +// Start a session if(!defined('SESSION_STARTED')) { - session_name('wb_session_id'); + // get random-part for session_name() + list($usec,$sec) = explode(' ',microtime()); + srand((float)$sec+((float)$usec*100000)); + $session_rand = rand(1000,9999); + session_name("wb_{$session_rand}_session_id"); session_start(); - define('SESSION_STARTED', true); -} + $_SESSION['SESSION_RAND'] = $session_rand; + define('SESSION_STARTED', true); +} else { + $session_rand = $_SESSION['SESSION_RAND']; +} // Function to set error function set_error($message) { @@ -419,7 +426,7 @@ ." ('rename_files_on_upload', 'php,asp,phpx,aspx')," ." ('er_level', '')," ." ('default_language', 'EN')," - ." ('app_name', 'wb')," + ." ('app_name', 'wb_$session_rand')," ." ('default_timezone', '$default_timezone')," ." ('default_date_format', 'M d Y')," ." ('default_time_format', 'g:i A')," Index: trunk/wb/install/index.php =================================================================== --- trunk/wb/install/index.php (revision 580) +++ trunk/wb/install/index.php (revision 581) @@ -22,13 +22,18 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ - + // Start a session -if(!defined('SESSION_STARTED')) { - session_name('wb_session_id'); - session_start(); +if(!defined('SESSION_STARTED')) { + // get random-part for session_name() + list($usec,$sec) = explode(' ',microtime()); + srand((float)$sec+((float)$usec*100000)); + $session_rand = rand(1000,9999); + session_name("wb_session_id"); + session_start(); + $_SESSION['SESSION_RAND'] = $session_rand; define('SESSION_STARTED', true); -} +} // Check if the page has been reloaded if(!isset($_GET['sessions_checked']) OR $_GET['sessions_checked'] != 'true') {