more session stuff

.gitignore

@@ -3,3 +3,4 @@
 docroot/nginx.conf
 docroot/html/writable/*.*
 docroot/php.ini
+docroot/session.save_path/sess_*

docroot/html/sessions.php

@@ -0,0 +1,56 @@
+<?php
+
+if ($_POST['destroy-session'] != "yes") {
+    session_start();
+    $_SESSION['fingerprint'] = md5('SECRET-SALT' . $_SERVER['HTTP_USER_AGENT']);
+} else {
+    session_start();
+    session_regenerate_id();
+    $_SESSION['fingerprint'] = md5('SECRET-SALT' . $_SERVER['HTTP_USER_AGENT']);
+}
+
+require_once("_head.php");
+
+mkheader("sessions!", "#aea");
+?>
+
+  <body>
+
+    <!-- ======================================================= -->
+    <?php
+    if ($_POST['destroy-session'] == "yes") {
+        session_destroy();
+        ?>
+            <p>Successfully destroyed session</p>
+            <a href="<?php echo $_SERVER['PHP_SELF']; ?>">clear this</a>
+        <?php
+    } else {
+        ?>
+            <form name="session_destroy" action="" method="POST">
+              <input type="hidden" name="destroy-session" value="yes" />
+              <input type="submit" name="submit" value="Destroy Session" />
+            </form>
+        <?php
+    }
+
+    ?>
+
+    <!-- ======================================================= -->
+    <pre><?php
+
+    print("Current session data:\n");
+    print_r($_SESSION);
+
+    ?></pre>
+
+    <!-- ======================================================= -->
+    <pre><?php
+
+    print("Current cookie data:\n");
+    print_r($_COOKIE);
+
+    ?></pre>
+
+
+  </body>
+</html>

docroot/php.ini.in

@@ -765,7 +765,7 @@ auto_append_file =
 ;
 ; PHP's built-in default is text/html
 ; http://php.net/default-mimetype
-default_mimetype = "text/plain"
+default_mimetype = "text/html"
 
 ; PHP's default character set is set to empty.
 ; http://php.net/default-charset