0

I'm making personal MVC framework skeleton I plan to build all sites on it (reserve your question pls on why not CI or CakePHP et al). Now Thinking of session security, one option is database. I was wondering whether storing session data in root_app/tmp/sessions/ would be better as/more than database! I was asking from security perspective
Thanks!

3
Contributors
4
Replies
5
Views
5 Years
Discussion Span
Last Post by Stefano Mtangoo
0

store your session into the database. it is more secured.

Why is it more secure in database than in .htaccess protected personal folder?

0

If session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.

0

If session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.

This now makes sense! I'm trying to understand the essence of MVC framework to have such folder. What is it for?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.