I only use sessions to store variables and was hoping to ensure that the session save path could not be tampered with by any of the users. So I went to check my phpinfo and found that the session save path was set to no value. Is this normal for users who only use sessions for variables? Do I have anything to worry about if the sessions save path is set to no value?
The default value for the session.save_path setting is "" (empty string), which defaults to /tmp.
From a "working" standpoint, there is no need to worry that it's set to no value (as that's the default); however, from a security standpoint there is.
Warning from the manual:
If you leave this set to a world-readable directory, such as /tmp (the default), other users on the server may be able to hijack sessions by getting the list of files in that directory.
You can set save_path by creating or editing .htaccess with this code:
php_value session.save_path /mnt/stor1-wc1-dfw1/123456/www.domain.com/web/sessions
php_value session.save_handler files
For more details, visit this site: PHP Sessions State Servers on Cloud Sites And How To Fix Non Working PHP Sessions
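Added example (not part of either answer above): a POSIX shell check that a directory chosen for session.save_path is not open to other local users, which is the exposure the manual's warning describes. The function name audit_session_dir and the expected-owner argument are assumptions of this example; pass the account your PHP process runs as.

```shell
#!/bin/sh
# audit_session_dir DIR EXPECTED_OWNER
# Returns 0 if DIR is owned by EXPECTED_OWNER and closed to "other",
# 1 if it is exposed or owned by someone else, 2 if it cannot be checked.
audit_session_dir() {
    dir=$1
    expected_owner=$2
    status=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi

    # ls -ld is POSIX: field 1 is the mode string, field 3 the owner.
    listing=$(ls -ld "$dir") || return 2
    mode=$(printf '%s\n' "$listing" | awk 'NR==1 {print $1}')
    owner=$(printf '%s\n' "$listing" | awk 'NR==1 {print $3}')
    group_bits=$(printf '%s' "$mode" | cut -c5-7)
    other_bits=$(printf '%s' "$mode" | cut -c8-10)

    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL: owner is $owner, expected $expected_owner"
        status=1
    fi

    # Any r/w/x bit for "other" lets unrelated local accounts list or
    # reach the sess_* files. 'T' is the sticky bit without execute.
    case $other_bits in
        ---|--T) ;;
        *) echo "FAIL: other users have access ($other_bits)"; status=1 ;;
    esac

    # Assumption of this example: only the PHP process user needs the
    # directory, so group access is reported but is not a failure.
    case $group_bits in
        ---|--S) ;;
        *) echo "WARN: group has access ($group_bits)" ;;
    esac

    [ "$status" -eq 0 ] && echo "OK: $dir is private to $owner ($mode)"
    return "$status"
}
```

A directory created with mode 700 and owned by the PHP user passes; /tmp-style mode 1777 fails because other users can list it.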