Rp.: Re: [Phplib-users] A great improvement
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Rp.: Re: [Phplib-users] A great improvement
|
From: Giancarlo P. <gia...@na...> - 2002-08-20 09:11:07
|
My subsequent request has been to deepen the depth of possible session.save_path/gc at 3, so it makes possible for ISPs to configure per-user session paths, eg /home/user/tmp, without worry for gc. As I showed, being gc_maxlifetime INI_ALL, any vhost could, otherwise, force gc to wipeout the common cauldron in /tmp. In the end phplib could offer the possibility to use faster PHP4 sessions while not authenticated, and be configured to migrate to a more secure, classical/custom session for authenticated sessions only. Could this be a good compromise between speed and security? How would you configure that passage? I mean, the auth class is loaded *after* the session class..how can the auth object impose the use of a different session class? Then maybe that idea of mine to clone_and_migrate the actual session into a freshnew one, after authentication, could be the occasion for a session-type upward change. Gian |
