Some of my users were being kicked off the server after a few moments. I contacted the hosting company and was advised that I should move the session folder outside the web folder (htdocs).
I opened "lib.php" and inserted "@session_save_path("/home/domain_name.com.au/session"); " and all worked well until I made changes and uploaded new files. I have a copy of the altered "lib.php" that I can upload, but is there something I can add to the hooks folder to make things easier?
Barry
session cookies
- baudwalker
- Veteran Member
- Posts: 188
- Joined: 2015-02-03 08:08
- Location: Bellingen NSW Australia
Re: session cookies
Hi,
maybe check out a previous post I made: viewtopic.php?f=4&t=3114&p=10463&hilit=copy#p10463
You may also put a "not writeable" on the file itself (which in my opinion may be problematic, as you might forget after an AppGini update which actually changes the file. Having it in an extra location allows you to compare versions.).
But please be aware that putting session variables outside the htdocs, meaning making them inaccessible to users, is a security measure that should be taken. If someone could access the session variables (strings) they might just do some bad stuff to your application. IMHO it should be your hosting company that sets up the server in a way that this is the case by default.
Olaf
Some postings I was involved in that you might find useful:
SingleEdit - Prevent concurrent edits on records; Field Permissions; Column-Value-Based-Permissions; Custom (error) message; Audit Log; Backup your database; Two Factor Authentication; Block brute force (failed) logins; Add 2nd SAVE CHANGES button; Place a search on details view
- baudwalker
- Veteran Member
- Posts: 188
- Joined: 2015-02-03 08:08
- Location: Bellingen NSW Australia
Re: session cookies
Thank you
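One way to verify the point made in the reply above, that the session folder really sits outside htdocs and is not open to other accounts on a shared host. This is an added example, not part of the original thread or of AppGini; the function name `check_session_dir` and its return codes are assumptions of this sketch, and it expects to be run as a user that can enter both directories.

```shell
#!/bin/sh
# Added example: audit a PHP session directory against the web root.
# Usage: check_session_dir <docroot> <session_dir>
# Returns: 0 = ok, 1 = directory missing/unreadable,
#          2 = session dir is inside the docroot,
#          3 = session dir is accessible to "other" users.
check_session_dir() {
    docroot=$1
    sessdir=$2

    # Resolve symlinks first, so a link placed outside htdocs that
    # points back into it is still detected.
    real_doc=$(cd "$docroot" 2>/dev/null && pwd -P) || return 1
    real_sess=$(cd "$sessdir" 2>/dev/null && pwd -P) || return 1

    # Trailing slash makes "/home/x/htdocs" also match itself.
    case "$real_sess/" in
        "$real_doc"/*)
            echo "FAIL: $real_sess is inside web root $real_doc"
            return 2
            ;;
    esac

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    mode=$(ls -ld "$real_sess" | cut -c1-10)
    other=$(printf '%s' "$mode" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "FAIL: $real_sess has mode $mode (other users have access)"
        return 3
    fi

    echo "OK: $real_sess is outside $real_doc with mode $mode"
    return 0
}

# Run directly only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_session_dir "$1" "$2"
fi
```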