jimw Mon Jan 22 18:03:35 2001 EDT
Modified files:
/phpdoc/en/functions session.xml
Log:
add warning about having a world-readable sessions.save_path
Index: phpdoc/en/functions/session.xml
diff -u phpdoc/en/functions/session.xml:1.30 phpdoc/en/functions/session.xml:1.31
--- phpdoc/en/functions/session.xml:1.30 Tue Dec 12 20:51:31 2000
+++ phpdoc/en/functions/session.xml Mon Jan 22 18:03:35 2001
@@ -184,6 +184,14 @@
handler, this is the path where the files are created.
Defaults to <literal>/tmp</literal>.
</simpara>
+ <warning>
+ <para>
+ If you leave this set to a world-readable directory, such as
+ <filename>/tmp</filename> (the default), other users on the
+ server may be able to hijack sessions by getting the list of
+ files in that directory.
+ </para>
+ </warning>
</listitem>
<listitem>
<simpara>
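Review bot: the new <warning> following the "Defaults to <literal>/tmp</literal>" paragraph states the risk but gives no remedy, so a reader on a shared server learns that the default is unsafe without learning what to change. Suggest closing the <para> with a sentence that tells administrators to point this setting at a directory other local users cannot list or read, for example one owned by the web server user with no group or other permissions. It would also help to say briefly why a listing alone is enough, since "by getting the list of files in that directory" does not connect the file names to the sessions they belong to.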