From db5225c160be0ffb3342d44f4d1d44a8b11c88d7 Mon Sep 17 00:00:00 2001
From: Demian Katz <demian.katz@villanova.edu>
Date: Fri, 3 Feb 2017 07:38:18 -0500
Subject: [PATCH] Use custom session name by default to avoid session
 corruption.

---
 config/vufind/config.ini | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/config/vufind/config.ini b/config/vufind/config.ini
index 182cbcdd157..b634dd5e73d 100644
--- a/config/vufind/config.ini
+++ b/config/vufind/config.ini
@@ -159,9 +159,11 @@ lifetime                    = 3600 ; Session lasts for 1 hour
 ; Set the domain used for cookies (sometimes useful for sharing the cookies across
 ; subdomains); by default, cookies will be restricted to the current hostname.
 ;domain = ".example.edu"
-; This sets the session cookie's name. Only needed if you use session sharing over
-; multiple subdomains (see domain setting above) and you have multiple PHP apps.
-;session_name = VUFIND_SESSION
+; This sets the session cookie's name. Comment this out to use the default
+; PHP_SESS_ID value. If running multiple versions of VuFind (or multiple PHP
+; applications) on the same host, it is strongly recommended to give each a
+; different session_name setting to avoid data contamination.
+session_name = VUFIND_SESSION
 
 ; Please set the ILS that VuFind will interact with.
 ;
-- 
GitLab