Session files

Posted: Wed Oct 05, 2005 3:24 pm
by Luke
I just read a tutorial that explains how to change the path that session information is saved in... Now when I change the path and open that directory via the URL bar, I get an index listing all session files, and when I open any of those files, I can see exactly what is in that session. Isn't that a MAJOR security issue? How can this be fixed?

Posted: Wed Oct 05, 2005 3:28 pm
by Ree
The PHP session data dir should not be accessible to anyone through the net. It shouldn't be in the root directory; why would you want it there?

Posted: Wed Oct 05, 2005 3:33 pm
by feyd
Place a .htaccess file in the directory with a deny from all setting in it. ;) (Assuming you are using Apache.)
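
An added example, not part of the original thread: a shell check for the two fixes suggested above, reporting whether the session directory resolves to a location inside the web root and, if so, whether a deny rule is present. The function names and output labels are this example's own, and `Require all denied` is included as the Apache 2.4 form of `deny from all`.

```shell
#!/bin/sh
# Added example: check whether a PHP session directory can be served by Apache.
# Usage: sh audit.sh "<session.save_path value>" "<DocumentRoot>"

# session.save_path may carry an "N;" or "N;MODE;" prefix; keep only the path.
session_dir() {
    printf '%s\n' "${1##*;}"
}

# Resolve symlinks and ".." so a save_path that reaches the document root
# indirectly is still caught. Fails on an empty or missing directory.
canon() {
    ([ -n "$1" ] && cd "$1" 2>/dev/null && pwd -P)
}

# Prints one finding per line. Returns 0 when the directory is outside the
# document root, 1 when it is inside it, 2 when a path cannot be resolved.
audit_session_dir() {
    dir=$(canon "$(session_dir "$1")") || { echo "UNRESOLVED save_path"; return 2; }
    root=$(canon "$2") || { echo "UNRESOLVED docroot"; return 2; }
    case "$dir/" in
        "$root"/*) ;;
        *) echo "OK outside_docroot $dir"; return 0 ;;
    esac
    echo "FAIL inside_docroot $dir"
    # A deny rule only helps if AllowOverride lets Apache read .htaccess here.
    if grep -Eiq '^[[:space:]]*(deny[[:space:]]+from[[:space:]]+all|require[[:space:]]+all[[:space:]]+denied)' \
        "$dir/.htaccess" 2>/dev/null; then
        echo "INFO htaccess_deny_present"
    else
        echo "FAIL no_htaccess_deny"
    fi
    # PHP's default "files" handler names session files sess_<id>.
    count=$(find "$dir" -maxdepth 1 -type f -name 'sess_*' | wc -l | tr -d ' ')
    echo "INFO session_files $count"
    return 1
}

if [ $# -ge 2 ]; then
    audit_session_dir "$1" "$2"
fi
```

The directory is still reported as a failure when a deny rule is present, because moving it out of the web root does not depend on `.htaccess` being honoured.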