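<?php
/**
 * Test class for session use_trans_sid
 *
 * @package PhpSecInfo
 * @author Ed Finkler <coj@funkatron.com>
 */


/**
 * require the PhpSecInfo_Test_Session class
 */
require_once('PhpSecInfo/Test/Test_Session.php');

/**
 * Test class for session use_trans_sid
 *
 * When session.use_trans_sid is enabled, PHP carries the session ID in URLs.
 * An ID in a URL can end up in Referer headers, server and proxy logs,
 * browser history and shared links, so the recommended setting is "off".
 *
 * @package PhpSecInfo
 * @author Ed Finkler <coj@funkatron.com>
 */
class PhpSecInfo_Test_Session_Use_Trans_Sid extends PhpSecInfo_Test_Session
{

	/**
	 * This should be a <b>unique</b>, human-readable identifier for this test
	 *
	 * @var string
	 */
	var $test_name = "use_trans_sid";


	/**
	 * The value this test treats as safe: session.use_trans_sid disabled
	 *
	 * @var boolean
	 */
	var $recommended_value = FALSE;


	/**
	 * Reads session.use_trans_sid from the running configuration and stores
	 * it in $this->current_value
	 *
	 * getBooleanIniValue() is not defined in this file; presumably it is
	 * inherited from the parent test classes.
	 */
	function _retrieveCurrentValue() {
		$this->current_value = $this->getBooleanIniValue('session.use_trans_sid');
	}


	/**
	 * Checks to see if session.use_trans_sid is enabled
	 *
	 * @return integer PHPSECINFO_TEST_RESULT_OK when the current value matches
	 *                 the recommended value, PHPSECINFO_TEST_RESULT_NOTICE otherwise
	 */
	function _execTest() {
		// NOTE(review): the loose comparison is kept because the return type of
		// getBooleanIniValue() is not visible here; confirm it always yields a
		// boolean before tightening this to ===.
		if ($this->current_value == $this->recommended_value) {
			return PHPSECINFO_TEST_RESULT_OK;
		}

		return PHPSECINFO_TEST_RESULT_NOTICE;
	}


	/**
	 * Set the messages specific to this test
	 *
	 * Calls the parent implementation first, then registers the English
	 * messages for the two results _execTest() can return.
	 */
	function _setMessages() {
		parent::_setMessages();

		$this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'use_trans_sid is disabled, which is the recommended setting');
		$this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'use_trans_sid is enabled. This makes session hijacking easier. Consider disabling this feature');

	}


}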