session cookies

Please report bugs and any annoyances here. Kindly include all possible details: steps to reproduce, expected result, actual result, screenshots, ... etc.
Post Reply
User avatar
baudwalker
Veteran Member
Posts: 188
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

session cookies

Post by baudwalker » 2019-10-30 02:25

some of my users where being kicked off the server after a few moments. I contacted the Hosing company and was advices that I should move the session folder outside the web folder (htdocs).

I opened "lib.php" and inserted "@session_save_path("/home/domain_name.com.au/session"); " and all worked well untill I made changes and uploaded new files. I have a copy of the altered "lib.php" that I can upload but is there sometine I can add the hooks folder to make thins easier?

Barry

User avatar
onoehring
AppGini Super Hero
AppGini Super Hero
Posts: 1156
Joined: 2019-05-21 22:42
Location: Germany
Contact:

Re: session cookies

Post by onoehring » 2019-11-08 16:35

Hi,

maybe check out a previous post I made: viewtopic.php?f=4&t=3114&p=10463&hilit=copy#p10463

You may also put a "not writeable" on the file itself (which in my opinion may be probematic as you might forget after an Appgini update which actually changes the file. Having it in an extra location allows to compare versions.).

But please be aware, that putting sessions variables outside the htdocs, meaning, making them inaccessible to users is a security measure that should be taken. If someone could access the sessions variable (strings) they might just do some bad stuff to your application. IMHO it should be your hosting company that sets up the server in a way that this is the case by default.

Olaf

User avatar
baudwalker
Veteran Member
Posts: 188
Joined: 2015-02-03 08:08
Location: Bellingen NSW Australia

Re: session cookies

Post by baudwalker » 2019-11-08 23:15

Thank you

Post Reply