On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
> >
> > As Floyd suggested keeping your sessions in the DB will give you better
> > session management and security as well.
>
> Why would putting the session data in a database offer more security?
> I'm not meaning to try and poke holes in your idea, I genuinely don't
> know the answer!

*Storing Session Data In A Database*

When you use on-disk files to store session data, those files must be readable and writeable by PHP. On a multi-user hosting system, it is possible for other users to access your session data through the PHP process (but see the commentary on open_basedir in part 5 of this series). The best way to secure your session data is to store it in a database.

source: http://www.acunetix.com/websitesecurity/php-security-6.htm

I have also studied Zend Certification Study guide by Davey Shafik and Ben Ramsey who said similar things in the book.

Lenin
http://twitter.com/nine_L