Are PHP sessions secure in / tmp on shared hosting?

Question

Are PHP sessions secure in / tmp on shared hosting?

I heard that this causes security problems. Would it be prudent to use pure databases for storing PHP sessions, rather than in / tmp?

+5

php

Ryan Jul 12 '11 at 10:07

source share

3 answers

If the session data contains sensitive pieces of information, it is not safe for anyone who you cannot trust to access it, of course.

- , , , .

, , , .

0

Dennis Kreminsky 12 . '11 22:11

No, they can be read by your host provider if you use shared hosting, if he wants ...

0

genesis Jul 12 '11 at 22:13

source share

Wrikken · Accepted Answer · 2011-07-12T22:10:15+0000

They are unsafe (although an extension of Sukhozin can encrypt them, providing little security). Because of this, you do not need to switch to the database (although there are other good reasons for this). The easiest way is to simply install session.save_pathinto a directory that you can access.

Are PHP sessions secure in / tmp on shared hosting?

More articles: