<p>A shared hosting environment raises concerns for all parties involved, and sessions are no exception. This tip is specific to PHP, but the principles apply to other languages as well.<br /> <br /> Before moving on, it's highly recommended to first read the following PHP manual pages (not just skim, or read parts, but actually read!):</p>
<ul> <li> <p><a href="http://php.net/manual/ref.session.php" target="_blank">Reference: Sessions</a></p> </li> <li> <p><a href="http://php.net/manual/ref.session.php#ini.session.save-path" target="_blank">Directive: session.save_path</a></p> </li> </ul>
<h2 id="hn_INI_Directives">INI Directives</h2>
<p>Tips on various PHP session-related directives:</p>
<ul> <li> <p><strong>session.save_path</strong>: by default (for ASO shared hosting environments) this is set to '<strong>/tmp</strong>', meaning session files for all users of the hosting server/computer are saved here</p> </li> <li> <p>This makes it possible for other users to peek at (steal) this session data and hijack sessions</p> </li> </ul>
<p>Consider setting this directive to a path like '<strong>/home/yourusername/tmp</strong>'. Essentially you must:</p>
<ul> <li> <p>Be sure the path exists (by creating it via FTP or SSH)</p> </li> <li> <p>Since session.save_path is <em>PHP_INI_ALL</em>, it can be set either:</p> <ul> <li> <p>In the PHP script itself using <a href="http://php.net/session-save-path" target="_blank">session_save_path</a>() or ini_set()</p> </li> <li> <p>Or in .htaccess</p> </li> <li> <p>Or in php.ini</p> </li> </ul> </li> <li> <p>Setting it to a home path also affects your disk usage, but these files are typically small</p> </li> </ul>
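<p>The steps above as one script-level setup routine. This is an added example, not code from the original tip: the function name <code>use_private_session_dir</code>, the <code>HOME</code> lookup and the <code>seen</code> counter are assumptions, and <code>/home/yourusername</code> is the placeholder path used above.</p>

```php
<?php
// Added example: keep session files out of the shared /tmp directory.
// The equivalent settings outside the script are:
//   php.ini:   session.save_path = "/home/yourusername/tmp"
//   .htaccess: php_value session.save_path "/home/yourusername/tmp"  (mod_php only)

function use_private_session_dir(string $home): string
{
    // Hypothetical layout: a 'tmp' directory directly under the account home.
    $dir = rtrim($home, '/') . '/tmp';

    // Step 1: be sure the path exists (creates it if FTP/SSH setup was skipped).
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        throw new RuntimeException("Cannot create session directory: $dir");
    }

    // mkdir() is subject to umask, and a pre-existing directory may have
    // looser permissions, so set the mode explicitly and then verify it.
    if (!chmod($dir, 0700)) {
        throw new RuntimeException("Cannot restrict permissions on: $dir");
    }
    clearstatcache(true, $dir);
    $mode = fileperms($dir) & 0777;
    if ($mode & 0077) {
        throw new RuntimeException(
            sprintf('%s is accessible to group/other (mode %04o)', $dir, $mode)
        );
    }
    if (!is_writable($dir)) {
        throw new RuntimeException("PHP cannot write session files to: $dir");
    }

    // Step 2: point PHP at the directory. This must happen before
    // session_start(); ini_set('session.save_path', $dir) has the same effect.
    session_save_path($dir);
    return $dir;
}

// Assumption: HOME is set for the PHP process; otherwise use the placeholder.
$home = getenv('HOME') ?: '/home/yourusername';
use_private_session_dir($home);

session_start();
// Constructed sample data: the file sess_<id> now lands in the private directory.
$_SESSION['seen'] = ($_SESSION['seen'] ?? 0) + 1;
```

<p>The 0700 mode only isolates session files when PHP runs under your own account; if every site's PHP runs as one shared web-server user, other tenants' scripts have the same access to the directory as yours. Keep the directory outside the web document root so the session files cannot be requested over HTTP.</p>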