server security for sessions

Most PHP applications use the session module, commonly to provide user authentication, and most hosting providers store session files in the /tmp directory. Session files from all users and sites end up in one directory, which is a big security risk!

So /tmp, which is shared between users, ends up being used to store authentication information: a really bad idea.

The session module allows the default path for session files to be changed (configurability is a strong side of PHP), so it is simple for webmasters and PHP coders to solve this problem: just change the session path like this:


ini_set('session.save_path', '/home/your_own_dir/tmp');
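
An added example, not code from the original post: one way to apply the setting above while checking that the directory is owner-only before any session starts. The function name use_private_session_dir is hypothetical, and the path is the post's placeholder.

```php
<?php
// Added example. The function name is hypothetical; the path is a placeholder.

/**
 * Point the session module at a private directory and refuse to continue
 * if that directory can be read or listed by other accounts on the host.
 */
function use_private_session_dir(string $dir): void
{
    // Create the directory owner-only if it does not exist yet.
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("cannot create session dir: $dir");
    }

    // Resolve symlinks so the checks apply to the directory really used.
    $real = realpath($dir);
    if ($real === false) {
        throw new RuntimeException("cannot resolve session dir: $dir");
    }

    clearstatcache(true, $real);
    $mode = fileperms($real);
    if ($mode === false) {
        throw new RuntimeException("cannot stat session dir: $real");
    }
    // Any group/other permission bit lets other users reach the session files.
    if (($mode & 0077) !== 0 && !chmod($real, 0700)) {
        throw new RuntimeException("session dir is open to other users: $real");
    }

    // The directory should belong to the account PHP runs as (posix extension).
    if (function_exists('posix_geteuid') && fileowner($real) !== posix_geteuid()) {
        throw new RuntimeException("session dir has a different owner: $real");
    }

    // Must be set before session_start(); ini_set() returns false on failure.
    if (ini_set('session.save_path', $real) === false) {
        throw new RuntimeException('could not change session.save_path');
    }
}

use_private_session_dir('/home/your_own_dir/tmp');
session_start();
```

Keep the directory outside the web root. On hosts where every site's PHP runs as the same web-server user, directory permissions alone do not separate one site's session files from another's.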
