I read this post where the author advises storing session files in a different location in our application, since sessions in /tmp/ are not safe. Is this a best practice that everyone follows? How much of a difference will putting session files in another location make to safety?
Need your valuable advice on this.
Thank You.
The problem is only that if you’re on a shared host, the /tmp directory is typically shared by everybody, so other users will at least be able to list all files in the /tmp directory. They don’t typically have access to those files, but just being able to see them may already be quite a security risk. Therefore it’s better to store your temporary data elsewhere where only you have access. This is not really of any concern if you are the master of your own server.
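
As an added example (not part of the original answer), the Python sketch below checks whether a session directory can be listed or written to by other accounts, and creates an owner-only directory to use instead. The function names `audit_session_dir` and `make_private_session_dir` are hypothetical, the sample directories are constructed in a temporary location, and POSIX permissions are assumed.

```python
import os
import stat
import tempfile

def audit_session_dir(path):
    """Return findings for a directory meant to hold session files (POSIX)."""
    st = os.stat(path)
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != os.geteuid():
        findings.append("owned by another user")
    if mode & stat.S_IROTH:
        findings.append("other users can list file names")
    if mode & stat.S_IWOTH:
        findings.append("other users can create files here")
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group members can list or create files")
    return findings

def make_private_session_dir(parent, name="sessions"):
    """Create parent/name readable, writable and searchable by the owner only."""
    path = os.path.join(parent, name)
    os.mkdir(path, 0o700)
    os.chmod(path, 0o700)  # mkdir's mode is filtered by the umask; make it exact
    return path

def demo():
    """Compare a /tmp-style directory with a private one (constructed sample)."""
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "shared_tmp")
        os.mkdir(shared)
        os.chmod(shared, 0o1777)  # the mode a shared /tmp typically has
        private = make_private_session_dir(root)
        return audit_session_dir(shared), audit_session_dir(private)

if __name__ == "__main__":
    shared_findings, private_findings = demo()
    print("shared :", shared_findings)
    print("private:", private_findings)
```

An empty findings list for the directory your application's session storage points at corresponds to the "only you have access" condition described in the answer.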