[mythtv-users] MythWeb - sessions problem
Sean Burlington
sean at uncertainty.org.uk
Fri Oct 8 11:56:18 UTC 2004
Ciaran wrote:
> On Fri, 08 Oct 2004 09:49:57 +0100, Sean Burlington
> <sean at uncertainty.org.uk> wrote:
>
>>
>>I had a problem with sessions which I resolved by commenting the line
>>
>># php_value session.save_path php_sessions
>>
>>in /usr/share/mythtv/mythweb/.htaccess
>>
>>This was setting the path for storing mythweb session to a directory
>>that didn't exist.
>>
>>--
>>
>>Sean
>>
>
> Cheers for that Sean, that error message has been bugging me for a
> while :) COmmenting that out fixed it nicely, however is this path
> not required?
>
>
looking more closely it might be better from a security standpoint to
create the directory
I don't think there is any functional reason why it matters
But since anyone with access to mythweb can already delete all my stored
programs or use all my CPU, disk space etc - session hijacking is the
least of my worries.
http://uk.php.net/manual/en/ref.session.php
session.save_path defines the argument which is passed to the save
handler. If you choose the default files handler, this is the path where
the files are created. Defaults to /tmp. See also session_save_path().
Warning
If you leave this set to a world-readable directory, such as /tmp (the
default), other users on the server may be able to hijack sessions by
getting the list of files in that directory.
More information about the mythtv-users
mailing list