Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Are PHP sessions stored in /tmp on shared hosting safe?

Tags:

php

I have heard that there are security problems that arise because of this. Would it be wise to use purely databases for storing PHP sessions rather than in /tmp?

like image 727
Ryan Avatar asked Dec 17 '22 11:12

Ryan

1 Answers

They are unsafe (although the Suhosin extension can encrypt them, providing a little bit of security). You shouldn't need to switch to a database just because of this (although there are other valid reasons to do so). The easiest way is to just set session.save_path to a directory only you can access.

like image 148
Wrikken Avatar answered Jan 06 '23 11:01

Wrikken
Sign in to Comment

Related questions

Very simple PHP addition problem
PHP - Instead of doing ECHO's to debug variable values, how to send the value to a file?
what is wrong with this line?
php : repost the parameters
Limit a variable value to certain predefined values
Converting russian characters from upper case to lower case in php
Saving HABTM with extra fields?
PHP Array of Custom Class
php sessions security query
What is the point of replace function in Memcache?
pg_escape_string not working
PHP - It is not safe to rely on the system's timezone settings
PHP: send POST request then read XML response?
Weird characters when filling PDF with PDFTk
range(-8.00, 8.00, 0.05) acting very strange
Working with PHP offline
How to compare 2 different length arrays to eachother
How do I run PHP in HTML?
Getting last tweet with PHP
Ampersand problem in XML when creating a URL String

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!