Sriram Natarajan wrote:
>
> - Disk space. In a production web site, sessions can occupy a lot of disk
> space in no time. Though, it might be a common practice to allocate a
> big slice for /var , I am not sure if the same is the case for /tmp. I

/tmp is in memory.. Which does mean if the session data is huge it can cause memory shortage issues. Is there any typical size/amount for this usage? I suspect the answer may be too variable depending on site content?

> - We probably don't want casual users to have access to these session

Never mind the casual user, you need to protect against the dedicated attackers... ;-)

> data on the production system. To overcome this issue, we could probably
> create a sub directory under /tmp (say /tmp/php/sessions) and ensure
> that only either 'root' or 'webservd' has permission to this directory.

Yes this is an important concern. What does it create? A file per session or a directory hierarchy or what?

--
Jyri J. Virkki - jyri.virkki at sun.com - Sun Microsystems
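
An added example, not part of the original message or of any project's code: a Python audit for the kind of session directory discussed in this thread. It checks that the path is a real directory owned by an allowed uid with no group/other access, and totals the session files' size, which matters when /tmp is memory-backed. The flat one-file-per-session layout, the function names and the sample data are assumptions.

```python
import os
import stat
import tempfile

LOOSE = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_session_dir(path, allowed_uids):
    """Return (findings, file_count, total_bytes) for a session directory.

    Assumption (not from the thread): flat layout, one regular file per session.
    """
    st = os.lstat(path)  # lstat: never follow a symlink planted under /tmp
    if not stat.S_ISDIR(st.st_mode):
        return ["not a real directory (symlink or other file type)"], 0, 0
    findings = []
    if st.st_uid not in allowed_uids:
        findings.append("directory owner uid %d is not allowed" % st.st_uid)
    if st.st_mode & LOOSE:
        findings.append("directory mode %o grants group/other access"
                        % stat.S_IMODE(st.st_mode))
    count = total = 0
    with os.scandir(path) as entries:
        for entry in entries:
            est = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(est.st_mode):
                findings.append("unexpected non-regular entry: " + entry.name)
                continue
            count += 1
            total += est.st_size  # bytes held in RAM if /tmp is memory-backed
            if est.st_uid not in allowed_uids or est.st_mode & LOOSE:
                findings.append("session file exposed: " + entry.name)
    return findings, count, total


def demo():
    """Constructed sample: a 0755 directory, then the same directory at 0700."""
    sess = os.path.join(tempfile.mkdtemp(), "sessions")
    os.mkdir(sess)
    os.chmod(sess, 0o755)  # world-readable: the exposure raised in the thread
    name = os.path.join(sess, "sess_constructed_example")
    with open(name, "w") as fh:
        fh.write("x" * 100)
    os.chmod(name, 0o600)
    loose = audit_session_dir(sess, {os.getuid()})
    os.chmod(sess, 0o700)  # only the owning account may enter or list
    return loose, audit_session_dir(sess, {os.getuid()})


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real host, pass the uids of the accounts named in the thread (root and webservd) as `allowed_uids` instead of the current user.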
