Session save path
Posted: Mon Oct 19, 2009 1:48 am
I would appreciate some advice on options for the session save path.
I am writing some software for podcast management. I cannot assume that the users of the software have root access to their server or the ability themselves to create directories or change owners or permissions or the ability to change settings in php.ini. Nor can I assume that the servers on which the software will run will have safe mode activated or open basedir restrictions. I want to make life more difficult for anyone minded to read session data which isn't theirs or to hijack a session.
I have two broad choices. One is to leave things as they are. The default session save path will presumably have 0777 permissions, with the risks that that entails. The other is for the software to create a new sessions folder. I can do this as a sub-folder of a folder which for other reasons requires 0777 permissions. The sessions folder would be owned by www-data, and permissions would be set at 0700. So no-one other than the web server could read the session data. However, the sessions folder would in principle be readable by a programme running as www-data on the same server. And it would be below the document root, so - again in principle - it would be accessible from the web (whereas the default session save path is not generally web accessible).
I am not convinced that the option of creating a new sessions folder significantly improves security overall. What do others think?
PS. Edit. The more I think about it, the more I conclude that session save path and the security of session data in it is a server administrator's problem, and not one that it is sensible to try to solve in an individual php script.
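As an added illustration of the second option the post describes (a sessions sub-folder owned by the web-server user with 0700 permissions), here is example PHP that is not the poster's code. It assumes PHP 7 or later, the posix extension, Apache honouring `.htaccess` files in the application directory, and a writable parent directory `$baseDir` that the application already creates. It verifies the permissions it set rather than trusting them, blocks web access to the directory because it sits below the document root, and falls back to the administrator's default save path when the private directory cannot be secured. It does nothing about the caveat the post raises about other scripts running as the same user, which no file permission can address.

```php
<?php
// Added example (not from the original post). Assumptions: PHP >= 7, posix
// extension available, Apache with AllowOverride permitting .htaccess, PHP
// running as the web-server user (e.g. www-data), and $baseDir writable.

function setupPrivateSessionDir(string $baseDir): string
{
    $dir = rtrim($baseDir, '/') . '/sessions';

    // Create the directory with 0700 so only the web-server user can list or
    // read session files; umask may widen the mode, so chmod explicitly too.
    if (!is_dir($dir) && !@mkdir($dir, 0700)) {
        throw new RuntimeException("cannot create $dir");
    }
    @chmod($dir, 0700);
    clearstatcache(true, $dir);

    // Verify rather than trust: the directory must be owned by the user PHP
    // runs as and must not be readable or writable by group or others.
    $mode = fileperms($dir);
    if ($mode === false || ($mode & 0077) !== 0) {
        throw new RuntimeException("$dir is group/world accessible");
    }
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        throw new RuntimeException("$dir is not owned by the web-server user");
    }

    // The directory is below the document root, so ask Apache to refuse web
    // requests for it. Both the 2.4 and the 2.2 syntax are written; a server
    // that ignores .htaccess leaves the directory web-reachable.
    $ht = $dir . '/.htaccess';
    if (!file_exists($ht)) {
        $rules = "<IfModule mod_authz_core.c>\n    Require all denied\n</IfModule>\n"
               . "<IfModule !mod_authz_core.c>\n    Order deny,allow\n    Deny from all\n</IfModule>\n";
        if (file_put_contents($ht, $rules) === false) {
            throw new RuntimeException("cannot write $ht");
        }
    }

    return $dir;
}

function configureSessions(string $baseDir): void
{
    try {
        session_save_path(setupPrivateSessionDir($baseDir));
    } catch (RuntimeException $e) {
        // Fall back to the administrator's default save path, whose
        // protection (as the post concludes) is the administrator's job.
        error_log('private session dir unavailable: ' . $e->getMessage());
    }

    // Settings that reduce the hijacking risk regardless of where session
    // files live: IDs only from cookies (no ?PHPSESSID=), HttpOnly cookies,
    // and strict mode (PHP >= 5.5.2) so the server never adopts an
    // uninitialised ID supplied by the client.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.cookie_httponly', '1');
    ini_set('session.use_strict_mode', '1');

    session_start();
}

// Call this at any privilege change (e.g. after a successful login) so an ID
// a visitor held before authenticating is not the one tied to the logged-in
// session.
function rotateSessionId(): void
{
    session_regenerate_id(true);
}

configureSessions(__DIR__ . '/data');
```

The permission check deliberately fails closed: if the host's umask, ownership model or a missing posix extension prevents verifying the directory, the script logs the problem and leaves the session path as the administrator configured it instead of silently using a directory it cannot show is private.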