Take a look at this: http://us2.php.net/manual/en/function.session-save-path.php
Thank you, Micah Gersten onShore Networks Internal Developer http://www.onshore.com k bah wrote: > Hi, > > I noticed session files are kept on /tmp for a while, and even if they were > immediately deleted, well, someone could use one of my php scripts to inject > code and read them, since they belong to the httpd user. > What's the best way to receive passwords thru a form and store them in the > $_SESSION while I process other information to decide whether or not that > user is able to proceed and login (check to see if user is also allowed to > use that service, not just validate user/pw)? I use https, always, no plain > http is used. > > Thanks > > = > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
