Re: Securing My website even more than it is
Posted: Fri Sep 05, 2008 9:58 pm
I don't think the session.save_path should matter much so long as you're careful to configure your server correctly and set a .htaccess in the place where the sessions are saved so that they cannot be accessed. I'm sure it would not be a bad idea to change the default session name, although so long as they're stored on your own server I suspect it won't matter too much. Admittedly, I do not know much about session vulnerabilities or spoofs. Since we're on the topic, though, do you plan to use cookies at all? I know that since cookies are stored on the host computer, there are several possible vulnerabilities surrounding them.
Continuing good luck,
OmniUni