[thelist] php: session help

Chris W. Parker cparker at swatgear.com
Mon Jul 21 11:27:09 CDT 2003


Tanner Burson <mailto:tanner at younet.okstate.edu>
    on Friday, July 18, 2003 8:13 PM said:

> Make sure in your php.ini file that you have the session timeout set
> to 0 or else you can get weird results when killing sessions.

session.timeout? Not found.

The only setting I found that had anything to do with time was:

session.cache_expure = 180

> Also (assuming you're on a *nix box) check the permissions of /tmp
> and make sure that PHP has the correct permissions...

When looking for a document that listed the proper permissions I found
an article that pointed out a way to make the sessions more secure.

First I changed the session directory to /var/spool/php_sessions.

Then:

chown apache: /var/spool/php_sessions
chmod 300 /var/spool/php_sessions

Then I restarted apache and logged into the website I'm working on. Sure
enough there was a new session file in the new directory I created. Then
I logged out and hoped that my session id changed and of course, it did
not.


Any other ideas?



Chris.


More information about the thelist mailing list