I'm making personal MVC framework skeleton I plan to build all sites on it (reserve your question pls on why not CI or CakePHP et al). Now Thinking of session security, one option is database. I was wondering whether storing session data in root_app/tmp/sessions/ would be better as/more than database! I was asking from security perspective
Thanks!

store your session into the database. it is more secured.

store your session into the database. it is more secured.

Why is it more secure in database than in .htaccess protected personal folder?

If session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.

If session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.

This now makes sense! I'm trying to understand the essence of MVC framework to have such folder. What is it for?