session cookies

Please report bugs and any annoyances here. Kindly include all possible details: steps to reproduce, expected result, actual result, screenshots, ... etc.
Post Reply
User avatar
baudwalker
Veteran Member
Posts: 126
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

session cookies

Post by baudwalker » 2019-10-30 02:25

some of my users where being kicked off the server after a few moments. I contacted the Hosing company and was advices that I should move the session folder outside the web folder (htdocs).

I opened "lib.php" and inserted "@session_save_path("/home/domain_name.com.au/session"); " and all worked well untill I made changes and uploaded new files. I have a copy of the altered "lib.php" that I can upload but is there sometine I can add the hooks folder to make thins easier?

Barry

onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 524
Joined: 2019-05-21 22:42
Contact:

Re: session cookies

Post by onoehring » 2019-11-08 16:35

Hi,

maybe check out a previous post I made: viewtopic.php?f=4&t=3114&p=10463&hilit=copy#p10463

You may also put a "not writeable" on the file itself (which in my opinion may be probematic as you might forget after an Appgini update which actually changes the file. Having it in an extra location allows to compare versions.).

But please be aware, that putting sessions variables outside the htdocs, meaning, making them inaccessible to users is a security measure that should be taken. If someone could access the sessions variable (strings) they might just do some bad stuff to your application. IMHO it should be your hosting company that sets up the server in a way that this is the case by default.

Olaf
Some postings I was involved, you might find useful:
Backup your database (viewtopic.php?f=4&t=3341); Improve security (viewtopic.php?f=4&t=3168); Field Permissions (viewtopic.php?f=4&t=3308); Custom (error) message (viewtopic.php?f=7&t=1740&p=10871#p10906); Audit Log (viewtopic.php?f=4&t=1369&p=10407); Two Factor Authentication (viewtopic.php?f=7&t=3306&p=11478); Add 2nd SAVE CHANGES button (viewtopic.php?f=2&t=3242&p=11104); Place a search on details view (viewtopic.php?f=2&t=3479&p=12484#p12484); Column-Value-Based-Permissions (viewtopic.php?f=4&t=3498)

User avatar
baudwalker
Veteran Member
Posts: 126
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

Re: session cookies

Post by baudwalker » 2019-11-08 23:15

Thank you

Post Reply