Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
en:2.0:konfigurationsdatei_config.php [2021/10/25 13:32] – [$gDbType] fasse | en:2.0:konfigurationsdatei_config.php [2024/02/11 08:21] (current) – fasse | ||
---|---|---|---|
Line 54: | Line 54: | ||
Any user, whether logged out or logged in, will have a unique session ID. This ID is passed on every page request. If a foreign person is now scanning the traffic between the computer and the server and gets access to this ID, he could assign with this session ID as current user. He therefore would has all the rights in the system that owns the original user. To prevent this abuse, Admidio compares additionally on every page request, the associated IP address to this session. If the IP address changes in between, so Admidio recognizes this as an invalid connection and closes the corresponding session. | Any user, whether logged out or logged in, will have a unique session ID. This ID is passed on every page request. If a foreign person is now scanning the traffic between the computer and the server and gets access to this ID, he could assign with this session ID as current user. He therefore would has all the rights in the system that owns the original user. To prevent this abuse, Admidio compares additionally on every page request, the associated IP address to this session. If the IP address changes in between, so Admidio recognizes this as an invalid connection and closes the corresponding session. | ||
- | This setting is always enabled and does not need to be explicitly set in config.php. | + | This setting is deactivated by default, as it can cause problems for users. For example, some users intentionally use services that regularly change the IP address. It can also happen that some providers |
- | Are there, however, some users having problems or some users are using deliberately | + | |
- | Possible values: '' | + | Possible values: '' |
Required version: '' | Required version: '' | ||
Line 76: | Line 75: | ||
* Uncompressed Javascript and CSS files are linked | * Uncompressed Javascript and CSS files are linked | ||
- | Possible values: '' | + | Possible values: '' |
Required version: '' | Required version: '' | ||
Line 82: | Line 81: | ||
This parameter is only ** ** intended for test systems and allows a [[en: | This parameter is only ** ** intended for test systems and allows a [[en: | ||
- | Possible values: '' | + | Possible values: '' |
Required version: '' | Required version: '' | ||
Line 88: | Line 87: | ||
This flag ensures that a database update can only be carried out on a new Admidio version, if an administrator has given his credentials in the update script. This function is always active in the default and can be disabled in the config.php via this parameter. For security reasons, we recommend that this feature should always be enabled. In a test systems it is useful to disable the function. | This flag ensures that a database update can only be carried out on a new Admidio version, if an administrator has given his credentials in the update script. This function is always active in the default and can be disabled in the config.php via this parameter. For security reasons, we recommend that this feature should always be enabled. In a test systems it is useful to disable the function. | ||
- | Possible values: '' | + | Possible values: '' |
Required version: '' | Required version: '' | ||
Line 94: | Line 93: | ||
This flag ensures that the cookie is valid for the entire domain where Admidio is installed. If Admidio is installed in the folder '' | This flag ensures that the cookie is valid for the entire domain where Admidio is installed. If Admidio is installed in the folder '' | ||
- | Possible values: '' | + | Possible values: '' |
Required version: '' | Required version: '' | ||
Line 105: | Line 104: | ||
==== $gForceHTTPS ==== | ==== $gForceHTTPS ==== | ||
- | Optionally, a forwarding of HTTP calls to HTTPS calls can be set by Admidio. The default setting is '' | + | Admidio automatically recognizes whether communication is encrypted with https or not. In rare cases, this recognition does not work. In this case, you can tell Admidio |
Possible values: '' | Possible values: '' |