Yes, Chuck is correct here. The security issue I raised has to do
with multiple users on the same shared server, which is how some
hosting companies manage their clients. Each user may have a
different home directory and has separation from other users,
however, usually the same /tmp
Ach, correction: Chuck is correct here. = *Richard* is correct here.
No morning coffee yet, sorry.
- Ben
On Apr 20, 2006, at 7:22 PM, Richard Lynch wrote:
On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
After a bit more research, I think I understand why Jochem recommends
use of
On Fri, April 21, 2006 6:28 am, Ben Liu wrote:
Yes, Chuck is correct here. The security issue I raised has to do
with multiple users on the same shared server, which is how some
hosting companies manage their clients. Each user may have a
different home directory and has separation from other
On 20/04/06, Ben Liu [EMAIL PROTECTED] wrote:
Hello All,
I'm using a single development server to host multiple client
projects, many of which require session management. I've noticed that
sometimes when I test these various web apps (which are simply in
separate sub directories) I get
Thanks for the response Robin, I'm reading up on session.cookie_path
now. It seems that this would require creating separate php.ini files
for each application.
On 4/20/06, Robin Vickery [EMAIL PROTECTED] wrote:
On 20/04/06, Ben Liu [EMAIL PROTECTED] wrote:
Hello All,
I'm using a single
Hi Dave,
Thanks, I think the method recommended by Robin using the function
ini_set() would work, but somehow I think this could be done in
simpler fashion by setting separate session names for each app, unless
I am misunderstanding the use of session_name(). Trying this out
now...
- Ben
On
Ben Liu wrote:
Hi Dave,
Thanks, I think the method recommended by Robin using the function
ini_set() would work, but somehow I think this could be done in
simpler fashion by setting separate session names for each app, unless
I am misunderstanding the use of session_name(). Trying this out
Thanks Jochem, this should give me all I need to solve this problem. -Ben
On 4/20/06, Jochem Maas [EMAIL PROTECTED] wrote:
Ben Liu wrote:
Hi Dave,
Thanks, I think the method recommended by Robin using the function
ini_set() would work, but somehow I think this could be done in
simpler
Hi Dave,
After a bit more research, I think I understand why Jochem recommends
use of session_save_path() rather than just naming each session
differently. The former method provides more security as you can set
the location where session cookies are stored. This will help prevent
an attacker
On Thu, April 20, 2006 10:21 am, Ben Liu wrote:
I'm using a single development server to host multiple client
projects, many of which require session management. I've noticed that
sometimes when I test these various web apps (which are simply in
separate sub directories) I get session leakage
On Thu, April 20, 2006 1:46 pm, Ben Liu wrote:
After a bit more research, I think I understand why Jochem recommends
use of session_save_path() rather than just naming each session
differently. The former method provides more security as you can set
the location where session cookies are
11 matches
Mail list logo
