Enable by default to store all session data in the database + remove feature of file-based sessions in tmp/sessions/* #12170
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
Major
Indicates the severity or impact or benefit of an issue is much higher than normal but not critical.
Milestone
In order to simplify life (for example when we refactor/improve security in our sesions in #12164), I'd like to propose that we remove the File Sessions Handler in Piwik, and default everyone to use the Database session handler.
Notes:
By default Piwik uses the filesystem as a session handler.
The text was updated successfully, but these errors were encountered: