I'm administering WordPress sites under suPHP on a CentOS LAMP server
and would like to know how I can set PHP to keep the session files under
the WP user's dir without having to duplicate the entire php.ini file
for each WP site while still maintaining adequate security.  The
problems I'm encountering are that, AFAICT, I have basically two

 1. Use the suPHP "suPHP_ConfigPath" to set the path to a
    per-site php.ini file containing a "session.save_path"

 2. Put php.ini files with the "session.save_path" directive
    within the WP dir hier.

The problems with the above two options (I have found no other options
so far) are that, for the former, the system php.ini file is not read so
the per-site php.ini file(s) have to duplicate most if not all of what's
in the system php.ini file; this is for each WP site (if not a WP Net
(AKA WPMU) install); and for the latter, -any-and-every- subdir in the
WP dir hier that has code that may reference the PHP session must have
its own php.ini file in it.  Either way it becomes a significant
maintenance problem, especially once there are more than one or two
such sites.

I have not been able to find much documentation on this, either in the
PHP site or in the various help forums.  I've searched quite extensively
and have run some tests of my own using phpinfo.php to see how things
are set.

I do not desire to open up file permissions to bypass this PHP settings
issue altogether due to security concerns (though I do wish an answer
could be so simple).

What's canonical in such a case?  If nothing, are there any other
alternatives?  My desired solution would be to be able to put one
php.ini (or equivalent) file per site that would contain the needed
directive which would be merged with the settings from the system
php.ini, overriding only the session.save_path, but, AFAICT, PHP does
not seem to allow this.  Any other ideas?



Philip Amadeo Saeli
openSUSE, RHEL, CentOS
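
An added example, not part of the original post: one way to contain the duplication described for the first option is to generate each site's php.ini from the system file, replacing only session.save_path and keeping the session directory owner-only. The paths, site names and the `make_site_ini` / `active_save_path` helpers are hypothetical.

```shell
# Added example (not from the original post); all paths are constructed samples.
# make_site_ini SYSTEM_INI SITE_HOME
# Writes SITE_HOME/conf/php.ini: the system settings with only
# session.save_path replaced. Prints the path of the generated file.
make_site_ini() {
    system_ini=$1 site_home=$2
    sess_dir="$site_home/sessions" conf_dir="$site_home/conf"
    [ -r "$system_ini" ] || { echo "cannot read $system_ini" >&2; return 1; }

    # Session files carry login state: owner-only directory, never 0777.
    # In production also chown it to the site's suPHP user (needs root).
    mkdir -p "$sess_dir" "$conf_dir" || return 1
    chmod 700 "$sess_dir" || return 1

    # Drop every existing session.save_path line (active or commented),
    # keep everything else, then append the per-site value.
    tmp="$conf_dir/php.ini.$$"
    {
        sed '/^[[:space:]]*;\{0,1\}[[:space:]]*session\.save_path[[:space:]]*=/d' "$system_ini"
        printf 'session.save_path = "%s"\n' "$sess_dir"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$conf_dir/php.ini" || return 1
    echo "$conf_dir/php.ini"
}

# active_save_path INI: print each uncommented session.save_path value.
active_save_path() {
    sed -n 's/^[[:space:]]*session\.save_path[[:space:]]*=[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# Demo on a constructed system php.ini and two hypothetical site homes.
demo() {
    root=$(mktemp -d) || return 1
    cat > "$root/php.ini" <<'EOF'
[PHP]
memory_limit = 128M
[Session]
session.save_handler = files
;session.save_path = "/tmp"
session.save_path = "/var/lib/php/session"
EOF
    for site in wp-site1 wp-site2; do
        ini=$(make_site_ini "$root/php.ini" "$root/home/$site") || return 1
        echo "$site: $(active_save_path "$ini")"
    done
    rm -rf "$root"
}
demo
```

Re-run the generator for every site whenever the system php.ini changes, and point each site's suPHP_ConfigPath at the location of its generated file.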

