PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I read somewhere that the session vars are stored in a text file in the tmp directory on the server and that anyone that uses the server (it's a shared server) can access the files in that directory (and directories in my root even).
How can I move the session vars to a directory within my websites root and make it secure from both web visitors (realms for visitors, just need to make it secure from others on the server)?
I've already found a solution that uses mysql (sessions with adodb 2.0.0), so I could probably figure out how to write a session handler by looking at that and the php.net sight (I can't use the mysql handler becuase the mysql server is overburdened at the moment), so I guess all I really need to know is how to secure a folder on the server from other users.
I use Windows XP for testing but then upload to a Linux based server running the cgi version of php. I would need to change the location of the session vars using a function (like set_ini()) and use a htaccess file to protect the directory if it is possible.