5

On my current project I have a security.php which holds up, some functions and some ini_set() statements.

ini_set('session.use_trans_sid', 0);
ini_set('session.use_only_cookies', 1);
ini_set('session.cookie_secure', 1);
ini_set('session.hash_function', 'whirlpool');
ini_set('session.cookie_httponly', 1);
ini_set('session.hash_bits_per_character', '5');

So here is my problem. If I put some sort of check...

if(ini_set('session.use_trans_sid', 0) === false)
    echo "Foo!";

It always returns false, no matter which one I am trying to set. I thought the problem was with the security.php permissions, but I was wrong.

EDIT

var_dump(ini_set('display_errors', '0'));

returns string(0) ""

Any other idea?

Thanks, Sebastian

Sebastjan
  • 1,117
  • 2
  • 17
  • 24

1 Answers1

-3

ini_set always returns a string, so this strict comparison will always be false:

ini_set('session.use_trans_sid', 0) === false

If you want to check the value without changing it, use ini_get:

if (ini_get('session.use_trans_sid') == 0) ...

or

if (!ini_get('session.use_trans_sid')) ...

ini_set will set the value and return the previous value.

Matt S
  • 14,976
  • 6
  • 57
  • 76
  • 6
    `ini_set` returns false when there is a failure, per the documentation (http://php.net/manual/en/function.ini-set.php#refsect1-function.ini-set-returnvalues). – rich remer Oct 31 '16 at 18:24