Sarteck
February 2nd, 2008, 09:36 PM
Hello, all,
I've got a question just out of morbid curiosity rather than anything going wrong with my scripts.
You see, I've got a site on a shared host, but use my Kubuntu box here at home for testing. After researching about sessions a while back, I learned that it's generally a Good Idea (TM) to set your session.save_path to something other than the world-readable /tmp, particularly if it would be a Bad Thing (TM) for other users on the shared host to be able to read your files.
So, I've got a include file with a global variable called at the beginning of each script. The variables in the 'ini_set' key of the array are all set through the ini_set() function in a foreach loop. Here's an edited example:
$TheGlobal['ini_set']['upload_tmp_dir'] = '/home/sarteck/thesite/temp/';
$TheGlobal['ini_set']['upload_max_filesize'] = '500000000';
$TheGlobal['ini_set']['post_max_size'] = '500000001';
$TheGlobal['ini_set']['memory_limit'] = '500000002';
$TheGlobal['ini_set']['session.save_path'] = '/home/sarteck/thesite/sessions';
$TheGlobal['ini_set']['session.cookie_path'] = '/home/sarteck/thesite/sessions/cookies';
$TheGlobal['ini_set']['session.gc_maxlifetime'] = '86400'; // One Day max lifetime
$TheGlobal['ini_set']['session.use_cookies'] = '1';
$TheGlobal['ini_set']['session.use_only_cookies'] = '1';
$TheGlobal['ini_set']['session.cookie_lifetime'] = '0';
foreach ($TheGlobal['ini_set'] as $ini => $set) {ini_set($ini, $set);}
Using this setup, everything works fine and dandy, like I want it to. Session variables are saved for a sufficient amount of time, and things are seemingly secure. Everything works...
...but, I can't seem to find the actual cookie file anywhere! I've looked in /home/sarteck/thesite/sessions, /home/sarteck/thesite/sessions/cookies, in the "Master value" of /var/lib/php5 from my regular ini file, and even in /tmp, but can't find where the session cookie is stored on the server!
Granted, I don't really need to know--like I said, everything works fine. But it's just bugging me... I can find the cookie stored client-side (in the /home/sarteck/.mozilla/RANDDIR/sessionstore.js files, surprisingly, and not the cookies.txt file like I thought it would be), but not the server-side cookie. Anyone know where I should be looking?
I've got a question just out of morbid curiosity rather than anything going wrong with my scripts.
You see, I've got a site on a shared host, but use my Kubuntu box here at home for testing. After researching about sessions a while back, I learned that it's generally a Good Idea (TM) to set your session.save_path to something other than the world-readable /tmp, particularly if it would be a Bad Thing (TM) for other users on the shared host to be able to read your files.
So, I've got a include file with a global variable called at the beginning of each script. The variables in the 'ini_set' key of the array are all set through the ini_set() function in a foreach loop. Here's an edited example:
$TheGlobal['ini_set']['upload_tmp_dir'] = '/home/sarteck/thesite/temp/';
$TheGlobal['ini_set']['upload_max_filesize'] = '500000000';
$TheGlobal['ini_set']['post_max_size'] = '500000001';
$TheGlobal['ini_set']['memory_limit'] = '500000002';
$TheGlobal['ini_set']['session.save_path'] = '/home/sarteck/thesite/sessions';
$TheGlobal['ini_set']['session.cookie_path'] = '/home/sarteck/thesite/sessions/cookies';
$TheGlobal['ini_set']['session.gc_maxlifetime'] = '86400'; // One Day max lifetime
$TheGlobal['ini_set']['session.use_cookies'] = '1';
$TheGlobal['ini_set']['session.use_only_cookies'] = '1';
$TheGlobal['ini_set']['session.cookie_lifetime'] = '0';
foreach ($TheGlobal['ini_set'] as $ini => $set) {ini_set($ini, $set);}
Using this setup, everything works fine and dandy, like I want it to. Session variables are saved for a sufficient amount of time, and things are seemingly secure. Everything works...
...but, I can't seem to find the actual cookie file anywhere! I've looked in /home/sarteck/thesite/sessions, /home/sarteck/thesite/sessions/cookies, in the "Master value" of /var/lib/php5 from my regular ini file, and even in /tmp, but can't find where the session cookie is stored on the server!
Granted, I don't really need to know--like I said, everything works fine. But it's just bugging me... I can find the cookie stored client-side (in the /home/sarteck/.mozilla/RANDDIR/sessionstore.js files, surprisingly, and not the cookies.txt file like I thought it would be), but not the server-side cookie. Anyone know where I should be looking?