----- Original Message ----- 
From: "Shawn McKenzie" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, October 02, 2004 2:11 AM
Subject: [PHP] Session handlers


> Just curious, what is the advantage of using a custom session handler,
> such as saving session data in MySQL?

Security!

The default location for PHP to store session data is the tmp directory of
the host OS (like /tmp), and in most cases these files are readable by the
webserver... and by all other scripts it's running. So if you're hosting
your site on a shared server, other users can read your session data. That's
fine as long as you don't use it to store critical information like
username, password....

Some more info on this topic:

http://shiflett.org/talks/phpworks2004-php-session-security/



regards,
Ewout

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
