projects / fa-stable.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Credit note can be posted without customer selected when search customer List is...
[fa-stable.git] / includes / session.inc
diff --git a/includes/session.inc b/includes/session.inc
index bb061e435c541bf8554f545ab551f4b4f90f69f2..5f9240eb6ad4d6b894bc97d080d775ea2f4caf12 100644 (file)
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -11,6 +11,7 @@
 ***********************************************************************/
 define('VARLIB_PATH', $path_to_root.'/tmp');
 define('VARLOG_PATH', $path_to_root.'/tmp');
+define('SECURE_ONLY', true); // if you really need also http (unsecure) access allowed, you can set this to NULL
 
 class SessionManager
 {
@@ -397,7 +398,7 @@ foreach ($installed_extensions as $ext)
 ini_set('session.gc_maxlifetime', 36000); // moved from below.
 
 $Session_manager = new SessionManager();
-$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)));
+$Session_manager->sessionStart('FA'.md5(dirname(__FILE__)), 0, '/', null, SECURE_ONLY);
 
 $_SESSION['SysPrefs'] = new sys_prefs();
 
@@ -413,9 +414,11 @@ if ((!isset($SysPrefs->login_max_attempts)) || ($SysPrefs->login_max_attempts <
     $SysPrefs->login_max_attempts = 3; 
 
 if ($SysPrefs->go_debug > 0)
-       error_reporting(-1);
+       $cur_error_level = -1;
 else
-       error_reporting(E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE);
+       $cur_error_level = E_USER_WARNING|E_USER_ERROR|E_USER_NOTICE;
+
+error_reporting($cur_error_level);
 ini_set("display_errors", "On");
 
 if ($SysPrefs->error_logfile != '') {
FrontAccounting stable branch