|
|
|
|
Bookmark this on Delicious
Share on Facebook
 Slashdot It!
Digg  session_save_path
Get and/or set the current session save path
(PHP 4, PHP 5)
Code Examples / Notes » session_save_pathwebmaster
This is an absolute must if you have an important login on a shared server. Without it, other users of the server can do the following to bypass login: * Visit login page, browse through cookies and grab the session id. * Create a PHP script on their account that grabs and sets session variables for a given session id. * Read and change any values for that session id (for example passwords or session keys), and therefore gain access to the protected area. All users on web hosting should choose an dir below the HTTP directory struct, but within their user area to store the session files. designofgod
sometime you need to change session.save_path because server system distributed more then one machine and you can not reach php.ini file example sourceforge.net. Then you can do that with .htaccess file which is kind of configuration file for Apache under one directory. anyway I added php_value session.save_path /home/groups/f/f4/f4l/tmp/ now my sessions work very well I hope :) gt
Note that you shouldn't use session_save_path() directly for performing file operations. It returns the configuration option, not the directory. As stated in /manual/en/ref.session.php#ini.session.save-path there can be a numeric argument separated with a semicolon in front of the "real" path. I used the following code to get rid of it: <?php $sessionpath = session_save_path(); if (strpos ($sessionpath, ";") !== FALSE) $sessionpath = substr ($sessionpath, strpos ($sessionpath, ";")+1); ?> Doesn't allow ; to appear in the directory names, but hey. Regards, Gero a9504778
dont forget: if you use session_save_path on the page, that registers a variable, you have also to use session_save_path on all the pages, where you access the session-variable. under win32 you can use the double \\ to specify eg "c:\\temp\\"
|
Change Language
session_cache_expire session_cache_limiter session_commit session_decode session_destroy session_encode session_get_cookie_params session_id session_is_registered session_module_name session_name session_regenerate_id session_register session_save_path session_set_cookie_params session_set_save_handler session_start session_unregister session_unset session_write_close |
