Bill H wrote:1. Since my "session.use_cookies" is set to On, would the "session.save_path" or the "session.cookie_path" apply? The latter is set to a single slash, while the former is set to "/tmp"
Session are stored on the server and cookies are stored on the clients computer. "session.save_path" refers to where sessions will be stored on the server. "session.cookie_path" refers to the URL path on the server in which the cookie will be available on. The "/" means it's available to the whole domain. If "session.cookie_path" was set to "/foo/" then only scripts in that folder could access that session cookie because the browser wound only send it for ULR with "/foo/' in it.
2. Since almost all of my scripts are running from subdirectories, where is the "/tmp" located? Or does php use that path relative to the root? Or relative to something else?
"session.save_path" is sent to the session handler and should be absolute. "/tmp" is located outside your user directory and is accessialbe to ALL other domains on the server. This is the biggest reason to move your sessions to your own folder. (If your server isn't Jailed then well it's all a mute point.)
3. What happens if I set "session.use_only_cookies" to on and the viewer has his browser set to reject cookies out of hand?
New session is created on every page. The user will not receives any benefit from the session info.
4. If I change the "session.save_path" will scripts in all subdirectories find it from that single directory name being iterated, or will I need to set it in each script relative to the location of that particular file?
Depends on how you change it? If you use ini_set() in a front controller then that maybe the only change you need. However, if your script's control is distributed across multiple directories ini_set() would be needed in every script. htaccess and local php.ini changes are per directory.