Hi,

> I agree that's the right way to avoid id reading from any php scripts. But
> since directory listing would be denied, the session gc won't be able to do
> its job anymore (look at ps_files_cleanup_dir() in mod_files.c).

Indeed, this would be a problem. But your cron solution isn't a good solution,
as it also deletes active sessions.

> Any other (better) way?

There was some feedback on my posting. Top Cat <[EMAIL PROTECTED]>
mentioned important points I wasn't thinking about:

----------------------------------------------------------------------
er, you can chmod the dir back to 755 from within apache and read it.
the better solution is probably

chown root:www /tmp/php_sessions
chmod 1730 /tmp/php_sessions

assuming www is the group of the user under which apache is run.
and of course, since we've gone with a new directory, it would be better
to place it in a safer place, say /var/spool/php_sessions
----------------------------------------------------------------------

A user-level approach to solve this problem would be to use
session_save_path:

  http://www.php.net/manual/en/function.session-save-path.php

There is also a possibility to store session data in a shared memory
environment (anyone got a URL for this?).

Using MySQL as a session handler would be another way of solving this
problem, although I've only seen solutions written in PHP (instead of
a core PHP module).

Daniel Lorch
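
Added example, not part of the original message: one way to combine the chown/chmod 1730 suggestion quoted above with a cleanup that the directory owner runs from cron, since the web server user can no longer list the directory. It removes only session files older than the session lifetime, so active sessions are kept. The function names are hypothetical; 1440 seconds is PHP's default session.gc_maxlifetime, and a find with -maxdepth and -mmin (GNU or BSD) is assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the mailing list post.
# Usage as root, with the names from the post:
#   setup_session_dir /var/spool/php_sessions root www
#   gc_sessions /var/spool/php_sessions 1440

# Create the session directory with mode 1730:
#   owner rwx  - the owner can list the directory and clean it up
#   group -wx  - the web server group can create and open files by name,
#                but cannot list the directory to discover session ids
#   other ---  - no access
#   sticky bit - a file can only be removed by its owner or the dir owner
setup_session_dir() {
    dir=$1; owner=$2; group=$3
    mkdir -p "$dir" || return 1
    # chown needs root; pass empty owner/group to skip it when trying this out.
    if [ -n "$owner" ] && [ -n "$group" ]; then
        chown "$owner:$group" "$dir" || return 1
    fi
    chmod 1730 "$dir"
}

# Print the permission string of the directory, e.g. drwx-wx--T
dir_mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Garbage collection run by the directory owner (for example from root's cron).
# Only files named sess_* whose mtime is older than max_age_s are removed;
# PHP's files handler updates the mtime when it writes a session, so sessions
# in use are left alone. Prints the path of each file it deletes.
gc_sessions() {
    dir=$1; max_age_s=${2:-1440}
    # find -mmin counts whole minutes; round up so that nothing younger
    # than max_age_s is ever removed.
    mins=$(( (max_age_s + 59) / 60 ))
    find "$dir" -maxdepth 1 -type f -name 'sess_*' -mmin +"$mins" \
        -print -exec rm -f {} \;
}
```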


