Recently our client migrated to server with suhosin enabled. Till then we were using session sharing to switch between wp and our custom cms. Now the session details are saved in DB after encryption. After pulling out the hair for one day we found that Suhosin is the culprit in the new server for this. Is there any way to read the session datas from the suhosin values?
How to share sessions between two sites when suhosin is enabled?
310 Views Asked by Mic At
2
There are 2 best solutions below
0
Chris_O
On
You can use memcached to save sessions in persistent memory cache between servers or sites without having to save to a file or DB.
You can also change the suhosin transparent encryption options. For example this might solve your problem:
suhosin.session.cryptdocroot
Type: Boolean
Default: On
Flag that decides if the transparent session encryption key depends on the Documentroot field.
Related Questions in PHP
- php Variable name must change in for loop
- register_shutdown_function is not getting called
- Query returning zero rows despite entries existing
- Retrieving *number* pages by page id
- Automatically closing tags in form input?
- How to resize images with PHP PARSE SDK
- how to send email from localhost using codeigniter?
- Mariadb max Error while sending QUERY packet PID
- Multiusers login redirect different page in php
- Imaginary folder when I use "DirectoryIterator" in PHP?
- CodeIgniter + XDebug: debug only working in the main controller, index() function
- PHP script timeout when I use sleep()
- posting javascript populated form to another php page
- AJAX PHP - Reload div after submit
- PHP : How can I check Array in array?
Related Questions in WORDPRESS
- Ajax jQuery firing multiple time display event for the same result
- Retrieving *number* pages by page id
- How to change the name of the file during unzip?
- Pass variables to extended class
- Dynamic wordpress background Based on Slider images
- I want to remove certain parent- and child-divs in all my wordpress posts with php or some other script
- Wordpress limit post that subscriber can create
- CSS styles for all instances of a WordPress widget
- Detect the function that redirects the page
- Show success or error messages in Ajax response to Wordpress custom registration form
- Internal 500 server error: .htaccess: RewriteCond: bad flag delimiters
- Rerun loop after every third post? (Wordpress)
- Error 404 not going after Wordpress Permalink change to custom structure
- YouTube views not counting on Wordpress embed
- Include only specific categories in WooCommerce product categories widget
Related Questions in SESSION
- Access property of an object of type [Model] in JQuery
- __PHP_Incomplete_Class Object even though class is included before session started
- Safari Extension not geting session Info
- Laravel: Locale Session: Controller gets Parameter to change it but it cant. U have to hardcode it
- Does OPEN SYMMETRIC KEY (SQL Server) remain in scope on a server farm?
- Superagent share session / cookie info with actual browser
- Session Destroyed on page refresh
- MVC Referencing strongly typed session objects on my view
- What is the best way to persist a global array in php?
- Error in indicies while unsetting Sessions
- Server side PHP session is not working in android
- Laravel - session data survives log-out/log-in, even for different users
- The page isn't redirecting properly when I logout
- Session array unset and delete row
- Validating a login using PHP
Related Questions in SUHOSIN
- Is my site being attacked? Suhosin simulation, very strange activity in IP Log
- suhosin patch or extension and zend optimizer
- how do I fix my suhosin.so error
- How to share sessions between two sites when suhosin is enabled?
- Does suhosin force some options in php.ini?
- How do I set suhosin.request.max_* with .htaccess? Only suhosin.post.max_* work
- PHP 5.3, Suhosin and UTF-8
- How can my php script tell if suhosin changed request variables?
- Can you use a PHP 5.3.7 suhosin-patch on PHP 5.3.8?
- PHP increase memory_limit above 128M
- php session encryption
- SugarCRM error on module loader on shared hosting
- How to secure CentOS with PHP7 server without suhosin?
- How to disable suhosin.log?
- Suhosin rule violation (340006 and 340007)
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
You cant decrypt suhosin session details. It better to change the authentication method. Disabling suhosin is a compromising on the security.