Cookie authentication options

$cfg['blowfish_secret']

The “cookie” auth_type uses AES algorithm to encrypt the password. If you are using the “cookie” auth_type, enter here a random passphrase of your choice. It will be used internally by the AES algorithm: you won’t be prompted for this passphrase.

The secret should be 32 characters long. Using shorter will lead to weaker security of encrypted cookies, using longer will cause no harm.

注解

The configuration is called blowfish_secret for historical reasons as Blowfish algorithm was originally used to do the encryption.

在 3.1.0 版更改: 自 3.1.0 起 phpMyAdmin 能在线生成，但因为密钥被保存在会话中，所以安全性相对较低，并且无法显示上次登录的用户名。

$cfg['LoginCookieRecall']

设置在 cookie 认证下是否能自动重复上次登录。

This is automatically disabled if you do not have configured $cfg['blowfish_secret'].

$cfg['LoginCookieValidity']

Define how long a login cookie is valid. Please note that php configuration option session.gc_maxlifetime might limit session validity and if the session is lost, the login cookie is also invalidated. So it is a good idea to set session.gc_maxlifetime at least to the same value of $cfg['LoginCookieValidity'].

$cfg['LoginCookieStore']

设置登录 cookie 应在浏览器中保存多长时间。默认值 0 表示当前会话。建议在公共环境下使用。

$cfg['LoginCookieDeleteAll']

若启用 (默认值)，退出时将会删除所有服务器的 cookies，否则仅删除当前服务器的 cookies 。若设为 false，当你访问多台服务器时可能会容易忘记退出其它服务器。

$cfg['AllowArbitraryServer']

If enabled, allows you to log in to arbitrary servers using cookie authentication.

注解

Please use this carefully, as this may allow users access to MySQL servers behind the firewall where your HTTP server is placed. See also $cfg['ArbitraryServerRegexp'].

$cfg['ArbitraryServerRegexp']

Restricts the MySQL servers to which the user can log in when $cfg['AllowArbitraryServer'] is enabled by matching the IP or the hostname of the MySQL server to the given regular expression. The regular expression must be enclosed with a delimiter character.

It is recommended to include start and end symbols in the regular expression, so that you can avoid partial matches on the string.

Examples:

// Allow connection to three listed servers:
$cfg['ArbitraryServerRegexp'] = '/^(server|another|yetdifferent)$/';
// Allow connection to range of IP addresses:
$cfg['ArbitraryServerRegexp'] = '@^192\.168\.0\.[0-9]{1,}$@';
// Allow connection to server name ending with -mysql:
$cfg['ArbitraryServerRegexp'] = '@^[^:]\-mysql$@';

注解

The whole server name is matched, it can include port as well. Due to way MySQL is permissive in connection parameters, it is possible to use connection strings as `server:3306-mysql` . This can be used to bypass regular expression by the suffix, while connecting to another server.

$cfg['CaptchaMethod']

Valid values are:

• 'invisible' Use an invisible captcha checking method;
• 'checkbox' Use a checkbox to confirm the user is not a robot.

5.0.3 新版功能.

$cfg['CaptchaLoginPublicKey']

The public key for the reCaptcha service that can be obtained from the “Admin Console” on https://www.google.com/recaptcha/about/.

参见

[https://developers.google.com/recaptcha/docs/v3](https://developers.google.com/recaptcha/docs/v3)\

reCaptcha will be then used in Cookie 认证方式.

$cfg['CaptchaLoginPrivateKey']

The private key for the reCaptcha service that can be obtained from the “Admin Console” on https://www.google.com/recaptcha/about/.

参见

[https://developers.google.com/recaptcha/docs/v3](https://developers.google.com/recaptcha/docs/v3)\

reCaptcha will be then used in Cookie 认证方式.

$cfg['CaptchaSiteVerifyURL']

The URL for the reCaptcha service to do siteverify action.

reCaptcha will be then used in Cookie 认证方式.

5.1.0 新版功能.