How can I make my session variables more secure?

CaptainN
Forum Newbie
Posts: 9
Joined: Tue Jun 18, 2002 1:41 pm

Post by CaptainN »

I read somewhere that the session vars are stored in a text file in the tmp directory on the server and that anyone that uses the server (it's a shared server) can access the files in that directory (and directories in my root even).

How can I move the session vars to a directory within my website's root and make it secure from both web visitors (realms for visitors, just need to make it secure from others on the server)?

I've already found a solution that uses MySQL (sessions with adodb 2.0.0), so I could probably figure out how to write a session handler by looking at that and the php.net site (I can't use the MySQL handler because the MySQL server is overburdened at the moment), so I guess all I really need to know is how to secure a folder on the server from other users.

Any help is greatly appreciated.
Zmodem
Forum Commoner
Posts: 84
Joined: Thu Apr 18, 2002 3:59 pm

Post by Zmodem »

I assume you're using win2k or NT or XP, right?

I know NT and win2k, won't touch XP.

Right-click on the directory, and click Properties.

Click on the Security tab.

In that section, you can specify which users have which rights, and so on and so forth. Pretty self-explanatory.
CaptainN
Forum Newbie
Posts: 9
Joined: Tue Jun 18, 2002 1:41 pm

Post by CaptainN »

I use Windows XP for testing but then upload to a Linux-based server running the CGI version of PHP. I would need to change the location of the session vars using a function (like set_ini()) and use an .htaccess file to protect the directory if it is possible.

thanks.
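
Added example (not part of the thread and not any poster's code): one way to move PHP's file-based sessions out of the shared tmp directory into an owner-only directory on a Linux host, using `session_save_path()` before `session_start()`. It assumes the CGI PHP process runs under the account's own UID (for example via suEXEC); if every account's scripts run as the same web-server user, file permissions alone cannot separate them. The path is a constructed placeholder.

```php
<?php
// Added example. Assumed (constructed) path: a directory owned by this
// account, ideally outside the document root so it is never served over HTTP.
$sessionDir = '/home/example/private_sessions';

function prepare_session_dir(string $dir): void
{
    // Create the directory if it is missing.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create session directory: $dir");
    }

    // mkdir() is filtered by the umask and an existing directory may be
    // looser than intended, so set owner-only access explicitly.
    if (!chmod($dir, 0700)) {
        throw new RuntimeException("cannot set permissions on: $dir");
    }

    // Verify instead of trusting: no group or world bits may remain.
    clearstatcache(true, $dir);
    $mode = fileperms($dir) & 0777;
    if (($mode & 0077) !== 0) {
        throw new RuntimeException(sprintf('%s is mode %04o, expected 0700', $dir, $mode));
    }

    // The directory must belong to the user PHP is running as; a directory
    // owned by another account could be read or replaced by that account.
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        throw new RuntimeException("$dir is not owned by the PHP process user");
    }
}

prepare_session_dir($sessionDir);

// Must run before session_start(); equivalent to setting the
// session.save_path ini value for this request.
session_save_path($sessionDir);
session_start();

// Session data now lands in $sessionDir/sess_<id> instead of the shared tmp.
$_SESSION['last_seen'] = time();
```

If the directory has to live under the document root, it also needs a web-server rule denying HTTP access (for Apache, an `.htaccess` containing `Require all denied` on 2.4 or `Deny from all` on 2.2). Every script that calls `session_start()` has to set the same save path first, so this belongs in a shared include.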