In a PHP membership website hosted on shared hosting, the session used to time out 30 minutes after closing the browser. We solved that problem by creating a users.ini file and creating a folder 'session' in public_html.

In the users.ini file, session.cookie_lifetime and session.gc_maxlifetime were extended, and session.save_path was set to the new directory path. The values of session.cookie_lifetime, session.gc_maxlifetime and session.save_path are also set in each PHP program.

These are some queries that I have in this regard.

  1. The session files that are created in the session folder have permission 0600, which means they cannot be assessed by anyone. Do we need to worry about the session files?

  2. Is it possible to have the session folder above public_html in this case?

  3. The session folder gets populated with session files for each user visit to the website. How can we remove empty session files that are no longer needed when the user leaves the website?

  • In general, this is a terrible idea, don't do it. More specifically, if your PHP app can read the files, and you're using Apache with mod_php, then Apache can read the files too. Have you tried requesting an existing session file on a URL like yourdomain.com/session/<session id>? Commented 11 hours ago
  • Given this file can be read by every single site visitor, I would call "cannot be assessed by anyone" a bit of a stretch. Commented 11 hours ago
  • @AlexHowansky The session files are being saved as sess_1234. It shows "you don't have permission to access this resource" when I visit yourdomain.com/session/sess_1234. However, I was able to move the session folder above public_html and it is working. Is there anything to worry about after storing sessions above public_html? Commented 9 hours ago
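
An added example, not part of the original question or comments: one way to set up the configuration discussed above, with the session directory one level above public_html, owner-only permissions, and explicit cleanup of session files. The directory layout, the 7-day lifetime and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post. Needs PHP 7.3+.
// Assumed layout (hypothetical): this file sits in /home/account/public_html,
// so dirname(__DIR__) is the account home, one level above the web root.
declare(strict_types=1);

const SESSION_LIFETIME = 7 * 24 * 60 * 60; // 7 days (constructed value)

function session_dir(): string
{
    $dir = dirname(__DIR__) . '/sessions'; // no URL maps to this path
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }
    chmod($dir, 0700); // owner only; the mode given to mkdir() is masked by umask
    return $dir;
}

function start_app_session(): void
{
    ini_set('session.save_path', session_dir());
    ini_set('session.gc_maxlifetime', (string) SESSION_LIFETIME);
    ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => SESSION_LIFETIME,
        'path'     => '/',
        'secure'   => true,  // assumes the site is served over HTTPS
        'httponly' => true,  // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Logout: delete this visitor's session file and expire the cookie.
function end_app_session(): void
{
    $_SESSION = [];
    session_destroy(); // removes the sess_<id> file from save_path
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => '/']);
}

// Scheduled cleanup (e.g. from cron): delete files older than gc_maxlifetime.
function purge_expired_sessions(): int
{
    start_app_session();            // session_gc() needs an active session
    $removed = session_gc();        // int count, or false on failure
    session_destroy();              // drop the throwaway session just created
    return $removed === false ? 0 : $removed;
}
```

Files for visitors who simply close the browser are only removed once they are older than session.gc_maxlifetime, either by PHP's probabilistic garbage collection or by a scheduled call such as `purge_expired_sessions()`.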
