From: Chris W. <ch...@ba...> - 2003-12-12 20:35:01
On Friday 12 December 2003 08:02 pm, Brad wrote:
> Can someone bring me up to speed on why we are even storing the sessions in
> the db? Is this really necessary? I'm assuming for security reasons but
> would like an explanation. I have been very busy lately and have not had
> much time to program. Therefore, my code is not using all of the new
> configuration files. I plan to make a clone of the student or admin home
> page to use as the instructor home page, but would like some explanation
> basically for my understanding.

The default way sessions are stored is in files in a /tmp (or C:\temp?)
directory. The problem here is that in a shared hosting environment, it's
possible for other users on the web server and running their own pages to
access your sessions. Storing the sessions in the database ensures that only
our site can access the sessions.

-- 
Chris Wanstrath
ch...@ba... | www.badstatic.com