Page 1 of 1

session cookies

Posted: 2019-10-30 02:25
by baudwalker
some of my users where being kicked off the server after a few moments. I contacted the Hosing company and was advices that I should move the session folder outside the web folder (htdocs).

I opened "lib.php" and inserted "@session_save_path("/home/domain_name.com.au/session"); " and all worked well untill I made changes and uploaded new files. I have a copy of the altered "lib.php" that I can upload but is there sometine I can add the hooks folder to make thins easier?

Barry

Re: session cookies

Posted: 2019-11-08 16:35
by onoehring
Hi,

maybe check out a previous post I made: viewtopic.php?f=4&t=3114&p=10463&hilit=copy#p10463

You may also put a "not writeable" on the file itself (which in my opinion may be probematic as you might forget after an Appgini update which actually changes the file. Having it in an extra location allows to compare versions.).

But please be aware, that putting sessions variables outside the htdocs, meaning, making them inaccessible to users is a security measure that should be taken. If someone could access the sessions variable (strings) they might just do some bad stuff to your application. IMHO it should be your hosting company that sets up the server in a way that this is the case by default.

Olaf

Re: session cookies

Posted: 2019-11-08 23:15
by baudwalker
Thank you