Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I just read a tutorial that explains how to change the path that session information is saved in. Now when I change the path and open that directory via the URL bar, I get an index listing all session files, and when I open any of those files, I can see exactly what is in that session. Isn't that a MAJOR security issue? How can this be fixed?
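The exposure described in the post comes from the session save path sitting inside the web-served tree. As an added example (not part of the original post), this bootstrap places session files in a directory beside the document root and refuses to start a session if that directory resolves to somewhere under it. The directory name `php_sessions`, the helper `is_under()`, and the assumption that the PHP user may create a directory in the parent of the document root are all hypothetical.

```php
<?php
// Added example: keep session files out of the web-served tree.
// 'php_sessions' and is_under() are hypothetical names for illustration.

/** True when $path is $root itself or lies beneath it (symlinks resolved). */
function is_under(string $path, string $root): bool
{
    $p = realpath($path);
    $r = realpath($root);
    if ($p === false || $r === false) {
        return false; // a path that does not exist cannot be compared
    }
    // Trailing separators stop "/var/www2" from matching root "/var/www".
    $p = rtrim($p, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $r = rtrim($r, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($p, $r, strlen($r)) === 0;
}

$docRoot = $_SERVER['DOCUMENT_ROOT'] ?? '';
if ($docRoot === '') {
    throw new RuntimeException('DOCUMENT_ROOT is not set');
}

// Assumption: a sibling of the document root, never a child of it.
$sessionDir = dirname($docRoot) . DIRECTORY_SEPARATOR . 'php_sessions';

if (!is_dir($sessionDir) && !mkdir($sessionDir, 0700, true)) {
    throw new RuntimeException("cannot create $sessionDir");
}
// mkdir() is subject to the umask, so set owner-only access explicitly.
chmod($sessionDir, 0700);

// Fail closed if a symlink or odd layout puts the directory back under the root.
if (is_under($sessionDir, $docRoot)) {
    throw new RuntimeException('session directory is inside the document root');
}

// Must be called before session_start().
session_save_path($sessionDir);
session_start();
```

Where the host gives no writable location outside the document root, the fallback is to block the directory at the web server, for example with `Options -Indexes` and `Require all denied` on Apache 2.4.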