If you are on a shared server, setting the session save path to a private folder within your account space will ensure that none of the other accounts have access to the session data files, and this will prevent garbage collection that runs due to the other accounts from deleting your session data files (people often set short garbage collection lifetime values in an incorrect attempt to end sessions).
If you can, set this to a folder that is outside of (closer to the disk root) your web document root folder. This will prevent anyone from browsing to the files. If this option is not available, then you would need to put the folder within your web document root folder, but you must add either a .htaccess file that prevents (deny) all web access or place an empty default document in it so that if anyone figures out the folder name and browses to it, they cannot access the files.
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
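The setup described in the post above, as an added example that is not part of the original post: it prefers a session folder one level above the document root and falls back to a web-protected folder inside it. The folder name `php_sessions` and the helper `prepare_session_dir()` are hypothetical, and the `.htaccess` rule assumes Apache 2.4.

```php
<?php
// Added example. Assumes $_SERVER['DOCUMENT_ROOT'] is the account's web root.
$docRoot  = realpath($_SERVER['DOCUMENT_ROOT'] ?: __DIR__);
$private  = dirname($docRoot) . '/php_sessions'; // outside the document root
$fallback = $docRoot . '/php_sessions';          // only if the parent is not writable

/**
 * Create the session folder with owner-only permissions and, when it sits
 * inside the document root, block web access to it. Returns true if usable.
 */
function prepare_session_dir(string $dir, bool $insideDocRoot): bool
{
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        return false;
    }
    // mkdir()'s mode is reduced by the umask, so set it explicitly.
    // Owner-only access isolates accounts only when PHP runs as your own user.
    if (!chmod($dir, 0700) || !is_writable($dir)) {
        return false;
    }
    if ($insideDocRoot) {
        // Apache 2.4 syntax; Apache 2.2 uses "Deny from all" instead.
        $htaccess = $dir . '/.htaccess';
        if (!is_file($htaccess)
            && file_put_contents($htaccess, "Require all denied\n") === false) {
            return false;
        }
        // Empty default document, in case .htaccess overrides are disabled.
        if (!is_file($dir . '/index.html') && !touch($dir . '/index.html')) {
            return false;
        }
    }
    return true;
}

if (prepare_session_dir($private, false)) {
    session_save_path($private);
} elseif (prepare_session_dir($fallback, true)) {
    session_save_path($fallback);
} else {
    // Fail closed rather than silently using the shared default path.
    error_log('Private session folder could not be prepared');
    http_response_code(500);
    exit;
}

session_start(); // the save path must be set before this call
```

Include this before any other session use on every page, so that all requests read and garbage-collect the same private folder.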