<< Comments inline >>

----- Original Message -----
From: "Rasmus Lerdorf" <[EMAIL PROTECTED]>
To: "Danny Shepherd" <[EMAIL PROTECTED]>
Cc: "PHP-General" <[EMAIL PROTECTED]>
Sent: Tuesday, July 30, 2002 11:24 AM
Subject: Re: [PHP] Sessions - Informed Opinions

> > Assuming that sessions are stored on the filesystem by default:
> >
> > 1 How secure is this? Could someone with system level access simply
> > wander into the session store directory and start browsing through the
> > session data?
>
> Well, at least as secure as passing this stuff out across the Internet to
> random clients where anybody can steal these cookies and present them back
> to you in a spoof attack.
>

Fair enough

> > 2 Are expired sessions removed from the filesystem automatically? How
> > often is this garbage collection performed?
>
> Sure. You configure it. See php.ini
>
> > 3 How can I get a count of currently active (i.e. non-expired) sessions?
>
> Count the number of session files.

Can I be sure that the count will only include active sessions though?

> > 4 Are there any performance issues to worry about doing it this way?
>
> Not really
>
> > 5 Is it quicker to do it this way or store sessions in a db using
> > session_set_save_handler?
>
> Should be slightly quicker if your database is nice and fast and your
> schema is sane.

Great

> > As for my setup - it's a BSD box - Apache2.0.39 + PHP4.2.2 (apache module) +
> > PHP4.3.0dev-Zend2alpha2 (cgi) - both compiled with pretty much everything.
>
> Why in the world are you running Apache2? You are not running it threaded
> anyway (since you are on FreeBSD) so you are not gaining any of the
> threaded scalability that is Apache2's only real selling point right now.
> You are running code that acts just like Apache 1.3.x except it is much
> less stable (at least with PHP).

Can't say I've really noticed any stability issues - even with PHP (there
was that multiple cookie bug but even so). It's a dev box (the release boxes
all use Apache1.3.x) and TBH, I was playin' about with some of Apache2's other
features, such as the dynamic vhosting, which might be useful to me later.

Thanks for the reply though,

Danny.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
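
The follow-up to question 3 asks whether a plain count of session files includes only active sessions. The sketch below is an added example, not code from either poster or from PHP itself: it separates files written within session.gc_maxlifetime from expired ones that garbage collection has not yet removed, and also counts files that other accounts can read (question 1). It assumes the default files handler with sess_-prefixed file names; the function name audit_session_store and the sample directory are hypothetical.

```php
<?php
// Added example. Assumption: default "files" save handler, which stores each
// session as sess_<id> and whose GC compares file mtime to gc_maxlifetime.

function audit_session_store(string $dir, int $maxLifetime, ?int $now = null): array
{
    $now = $now ?? time();
    $report = ['active' => 0, 'expired_uncollected' => 0, 'readable_by_others' => 0];
    clearstatcache();                      // do not trust cached stat() results
    foreach (glob($dir . '/sess_*') ?: [] as $file) {
        $mtime = @filemtime($file);        // file can vanish if GC runs meanwhile
        $perms = @fileperms($file);
        if ($mtime === false || $perms === false) {
            continue;
        }
        if ($now - $mtime <= $maxLifetime) {
            $report['active']++;
        } else {
            $report['expired_uncollected']++;   // a naive file count includes these
        }
        if ($perms & 0044) {               // group or world read bit set
            $report['readable_by_others']++;
        }
    }
    return $report;
}

// Constructed sample store; on a real host use the directory named by
// session.save_path and the value of session.gc_maxlifetime instead.
$dir = sys_get_temp_dir() . '/sess_demo_' . getmypid();
mkdir($dir, 0700);
$now = time();
$samples = [
    'sess_aaaa' => [60,   0600],   // written a minute ago
    'sess_bbbb' => [1000, 0600],   // idle but within the lifetime
    'sess_cccc' => [5000, 0644],   // expired, not yet collected, world-readable
];
foreach ($samples as $name => [$age, $mode]) {
    touch("$dir/$name", $now - $age);
    chmod("$dir/$name", $mode);
}

print_r(audit_session_store($dir, 1440, $now));   // 1440 s is PHP's default lifetime

array_map('unlink', glob("$dir/sess_*"));
rmdir($dir);
```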