[thelist] php: session help
Chris W. Parker
cparker at swatgear.com
Mon Jul 21 11:27:09 CDT 2003
Tanner Burson <mailto:tanner at younet.okstate.edu>
on Friday, July 18, 2003 8:13 PM said:
> Make sure in your php.ini file that you have the session timeout set
> to 0 or else you can get weird results when killing sessions.
session.timeout? Not found.
The only setting I found that had anything to do with time was:
session.cache_expure = 180
> Also (assuming you're on a *nix box) check the permissions of /tmp
> and make sure that PHP has the correct permissions...
When looking for a document that listed the proper permissions I found
an article that pointed out a way to make the sessions more secure.
First I changed the session directory to /var/spool/php_sessions.
Then:
chown apache: /var/spool/php_sessions
chmod 300 /var/spool/php_sessions
Then I restarted apache and logged into the website I'm working on. Sure
enough there was a new session file in the new directory I created. Then
I logged out and hoped that my session id changed and of course, it did
not.
Any other ideas?
Chris.
More information about the thelist
mailing list