Knowledgebase: PHP and Apache
PHP Sessions Overview
Posted by H9 Admin on 14 January 2015 03:03 PM

A shared hosting environment offers interesting concerns for all parties involved with Sessions being no different. This tip is specific for PHP but the principles apply to other languages as well.

Before moving on it's highly recommended to first read the following PHP manual pages (not just skim, or read parts, but actually read!):

INI Directives

Tips on various PHP Session related directives:

  • By default (for our shared hosting environments) set to '/tmp', meaning session files are saved here for all users of the hosting server/computer

  • This makes it easy/possible for other users to peek in on (steal) this session data, and hijack sessions

Consider setting this directive to a path like '/home/yourusername/tmp'. Essentially you must:

  • Be sure the path exists (by creating it in FTP or SSH)

  • Since session.save_path is PHP_INI_ALL it can be set either:

    • In the PHP script itself using session_save_path() or ini_set()

    • Or in .htaccess

    • Or in php.ini

  • Setting to a home path also affects disk usage but typically these files are small

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
Help Desk Software by Kayako fusion