I'm administering WordPress sites under suPHP on a CentOS LAMP server and would like to know how I can set PHP to keep the session files under the WP user's dir without having do duplicate the entire php.ini file for each WP site while still maintaining adequate security. The problems I'm encountering are that, AFAICT, I have basically two choices: 1. Use the suPHP "suPHP_ConfigPath" to set the path to a per-site php.ini file containing a "session.save_path" directive. 2. Put php.ini files with the "session.save_path" directive within the WP dir hier. The problems with the above two options (I have found no other options so far) are that, for the former, the system php.ini file is not read so the per-site php.ini file(s) have to duplicate most if not all of what's in the system php.ini file; this is for each WP site (if not a WP Net (AKA WPMU) install); and for the latter, -any-and-every- subdir in the WP dir hier that has code that may reference the PHP session must have its own php.ini file in it. Either way it becomes a significant maintenance problem, especially once there are more than one or two such sites. I have not been able to find much documentation on this, either in the PHP site or in the various help forums. I've searched quite extensively and have run some tests of my own using phpinfo.php to see how things are set. I do not desire to open up file permissions to bypass this PHP settings issue altogether due to security concerns (though I do wish an answer could be so simple). What's canonical in such a case? If nothing, are there any other alternatives? My desired solution would be to be able to put one php.ini (or equivalent) file per site that would contain the needed directive which would be merged with the settings from the system php.ini, overriding only the session.save_path, but, AFAICT, PHP does not seem to allow this. Any other ideas? Thanks! --Phil -- Philip Amadeo Saeli openSUSE, RHEL, CentOS psaeli@xxxxxxxxxxxx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php