* @copyright 2004 http://www.php-tools.net * @license LGPL **/ // include error-manager include_once '../../patError/patErrorManager.php'; patErrorManager::setErrorHandling( E_ERROR, 'verbose' ); patErrorManager::setErrorHandling( E_WARNING, 'verbose' ); patErrorManager::setErrorHandling( E_NOTICE, 'verbose' ); // include factory/loader include_once '../patSession.php'; $options = array( 'security' => 'fix_browser,fix_ip,fix_referer', 'allow-referer' => '*.php-tools.net,*.php-tools.de', 'empty-referer' => 'allow' ); // most easy way to create a session object $sess =& patSession::singleton( 'ham', 'Native', $options ); $queryString = $sess->getQueryString(); ?> Use the 'security' option if you need to customize the session-fixiation-features of patSession. By default (for maximum security) the session will fixed to browser, ip and referer. If any security-check fails all session values will be cleared and the session itself will switch to a different state (not active).

Current options passed to session:

fix_browser:
If this features is turned on, the session will be fixed to the user-agent. Try to use the this URL with another browser: this URL

'; ?> fix_ip:
The session is bounded to the client's ip address.

fix_referer:
All session values will be cleared if the referer is empty or an unknown host.
The fix-referer-feature can be combined two other options: 'empty-referer' (deny, allow) and 'allow-referer'.

get( 'security-test' ); if( patErrorManager::isError( $result ) ) { echo '
Session-state: ' . $sess->getState() . '
'; } else { echo '
The session reported no errors.
'; } ?>