How can I make my session variables more secure?
Posted: Tue Jun 18, 2002 2:12 pm
I read somewhere that the session vars are stored in a text file in the tmp directory on the server and that anyone that uses the server (it's a shared server) can access the files in that directory (and directories in my root even).
How can I move the session vars to a directory within my websites root and make it secure from both web visitors (realms for visitors, just need to make it secure from others on the server)?
I've already found a solution that uses mysql (sessions with adodb 2.0.0), so I could probably figure out how to write a session handler by looking at that and the php.net sight (I can't use the mysql handler becuase the mysql server is overburdened at the moment), so I guess all I really need to know is how to secure a folder on the server from other users.
Any help is greatly appreciated.
How can I move the session vars to a directory within my websites root and make it secure from both web visitors (realms for visitors, just need to make it secure from others on the server)?
I've already found a solution that uses mysql (sessions with adodb 2.0.0), so I could probably figure out how to write a session handler by looking at that and the php.net sight (I can't use the mysql handler becuase the mysql server is overburdened at the moment), so I guess all I really need to know is how to secure a folder on the server from other users.
Any help is greatly appreciated.