PhpSecInfo Test Information
Checks if the current save_path is a world readable or writable folder, and if it matches the common UNIX system temp directory.
This setting specifies where session files should be saved when using the default session handler. This must be a document outside the document root, and should only be accessible by the web user to prevent other users on the system from investigating your users sessions.
This setting should be unique on a virtual host basis when those virtual hosts are controlled by different entities (such as a shared host situation) to prevent sites from reading each others sessions.
Set save_path to a folder that is:
- outside the document root of your web site
- not readable or writable by any other system users
You can set save_path in the php.ini file:
; Set save_path to a safe location session.save_path = /var/www/foo.bar/sessions
The setting can also be applied in apache's httpd.conf file, or an .htaccess file:
# Set save_path to a safe location php_value session.save_path /var/www/foo.bar/sessions