|Topic:||prevent $CFG->usesid because hackers try to exploit it|
|Versions affected:||< 2.1.2, < 2.0.5 (1.9.x could also be vulnerable if misconfigured)|
|Reported by:||Petr Škoda|
|Solution:||upgrade to latest version|
|Workaround:||Don't use cookie-less sessions|
The $CFG->usesid was added previously to allow simpler access, but this setting is now ignored to remove a potential vulnerability.