Hi Jon,
"Jon Brisbin" <[EMAIL PROTECTED]> writes:
> Here's what I did: I switched to using file-based session storage in a tmp
> directory under /cgi-bin, which does not allow a malicious user, even if
> they knew a session id, to view any of the session information. Here's what
> I put in my embpcgi.pl file (you can do the equivalent in your httpd.conf
> file):
It works now! I switched from mod_perl to execution via cgi-bin and
put your SESSION_CLASSES / ARGS in my httpd.conf with SetEnv. It's a
bit strange that the same seem do not seem to work when using mod_perl...
> You might want to try the DBIStore with the NullLocker and see if that helps
> any...
> Did you set up a table in your mysql db called "sessions" that has is like
> "id char(32) not null primary key, a_session text"??
Yes, but it didn't help. :-( Somehow I can't get DBIStore to work, but
this is not a problem since FileStore is fast enough at the moment. ;)
Thanks for your help!
Ciao,
Eric
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
