I hope someone can help me.
My site been using cookies and i have decided to scrap cookies after finding to many security holes which i myself was able to hack in testing.
I have looked online and found nothing that is want i am after even my php books does not mention anything about session paths only about sessions itself.
Basically i was reading the session path can be changed, i am on shared web hosting server and obviously due to security pitfalls i want to change the session path.
I do not have access to the php.ini file so i looked up and noticed i could use session_save_path.
Thing is i cannot find how i actually use it,
1) Basically how do i tell it where the new session path is?
2) Do i need to use the session path on every page that uses sessions so it knows where to store the sessions?
3) Also would i have to specify the session path before the session_start(); ?
4) How would i write the directory to the session path? something like /home/sites/mydomain.com/ ?
5) Should i store the session path folder outside of the public_html area? and if so what should the CHMOD be? my host does not support CHMOD 777 but supports CHMOD 755.
6) How do i get around starting a session after header info etc been sent as sometimes i think i am going to need to send afterwards?
Sorry for all the questions, i have looked everywhere, in my books, google and php.net and cannot find answers to my questions.