
osCommerce

The e-commerce.

good place for the sessions /tmp folder?


Guest


Hi,

 

It was suggested to add your own /tmp folder instead of using /tmp on your server.

 

My server structure is like this:

etc

mail

public_ftp

public_html (this is where all the files are and are seen on Internet)

tmp

www (points to public_html folder)

 

I cannot put the files in that tmp file listed as I would have to change the permissions.

 

Where is the best place to set up a /tmp directory, permissions, etc.?

 

Thanks!

Link to comment
Share on other sites

Thanks Steve!

 

I had tried that before and got a blank page on the site but this time I checked the permissions which were wrong and set them to 777 and it is working!

Link to comment
Share on other sites

I would think it would go in your public_html root. That is where mine is. Then you can set it to 777.

 

Steve, what evil intentions do you have behind that? :D

 

The session files should not be accessible to the world! So put them anywhere outside your public_html directory.

 

What's worse than having someone hijack a user's session? Giving the hijacker access to a directory full of live sessions :!:

:heart:, osCommerce

Link to comment
Share on other sites

Hi,

 

I have made a folder outside my public directory called "sessions". I had to chmod it to 777 to get it to work, otherwise the store has a blank page.

 

etc

mail

public_ftp

public_html (this is where all the files are and are seen on Internet)

sessions (chmod 777)

tmp

www (points to public_html folder)

 

Will this be ok?

Link to comment
Share on other sites

Hi,

 

I have made a folder outside my public directory called "sessions".  I had to chmod it to 777 to get it to work, otherwise the store has a blank page.

 

etc  

mail  

public_ftp  

public_html (this is where all the files are and are seen on Internet)

sessions (chmod 777)

tmp  

www (points to public_html folder)

 

Will this be ok?

 

That's fine.

 

I'd ask the server administrator for the proper permissions though.

:heart:, osCommerce

Link to comment
Share on other sites

Hi,

 

This is my server and the only permissions I could get it to work where the site stayed up was 777. Otherwise the store site showed a completely blank page.

 

Other suggestions?

Link to comment
Share on other sites

I would think it would go in your public_html root. That is where mine is. Then you can set it to 777.

 

Steve, what evil intentions do you have behind that? :D

 

The session files should not be accessible to the world! So put them anywhere outside your public_html directory.

 

What's worse than having someone hijack a user's session? Giving the hijacker access to a directory full of live sessions :!:

 

I'm sorry, I wasn't aware of this. I apologize for the misinformation.

Steve

-------------------------

Link to comment
Share on other sites

I would think it would go in your public_html root. That is where mine is. Then you can set it to 777.

 

Steve, what evil intentions do you have behind that? :D

 

The session files should not be accessible to the world! So put them anywhere outside your public_html directory.

 

What's worse than having someone hijack a user's session? Giving the hijacker access to a directory full of live sessions :!:

 

Is this still a problem, if sessions are stored in the database?

 

And which is better, storing sessions in the database or in a file?

Steve

-------------------------

Link to comment
Share on other sites

No, if sessions are stored in the DB you can not hijack them as easily as they would be in your /public 777 scenario.

 

Database versus files is a long discussion.

I prefer DB myself because I have always been taught file manipulation is slower than DB manipulation (i.e. writing / pulling data).

I know a lot of people might disagree on this for various reasons though.

 

 

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites

No, if sessions are stored in the DB you can not hijack them as easily as they would be in your /public 777 scenario.  

 

Database versus files is a long discussion.  

I prefer DB myself because I have always been taught file manipulation is slower than DB manipulation (i.e. writing / pulling data).

I know a lot of people might disagree on this for various reasons though.

 

 

Mattice

 

Thank you, this clears things up for me.

Steve

-------------------------

Link to comment
Share on other sites

Hi,

 

This is my server and the only permissions I could get it to work where the site stayed up was 777.  Otherwise the store site showed a completely blank page.

 

Other suggestions?

 

If you know what your server runs as (i.e. Apache is usually user 'nobody' in group 'nobody') you can set a somewhat stricter permission on it.

 

In Linux:

 

chown nobody:nobody sessions

chmod 700 sessions

 

Try that.

 

HTH

Mattice

"Politics is the art of preventing people from taking part in affairs which properly concern them"

Link to comment
Share on other sites
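
A check for the advice in this thread, as an added example that is not part of any poster's message: it flags a session directory that sits inside the web root, is open to group or other, or is not owned by the web server account. The function name `audit_session_dir` and its output labels are made up here; pass the account your web server actually runs as.

```shell
#!/bin/sh
# Added example (not from the thread): audit a file-based session directory.
# Usage: audit_session_dir <session_dir> <web_root> <web_server_user>
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_session_dir() {
    dir=$1 root=$2 want_owner=$3 findings=0

    # Resolve symlinks first, so a path through "www" is judged as public_html.
    real_dir=$(cd "$dir" 2>/dev/null && pwd -P) || { echo "MISSING: $dir"; return 2; }
    real_root=$(cd "$root" 2>/dev/null && pwd -P) || { echo "MISSING: $root"; return 2; }

    # 1. A session directory at or below the web root may be served to the world.
    case "$real_dir/" in
        "$real_root"/*)
            echo "EXPOSED: $real_dir is inside web root $real_root"
            findings=$((findings + 1)) ;;
    esac

    # 2. Take mode string and owner from "ls -ld", e.g. "drwx------ 2 nobody ...".
    set -- $(ls -ld "$real_dir")
    mode=$1 owner=$3
    group_bits=$(printf '%s' "$mode" | cut -c5-7)
    other_bits=$(printf '%s' "$mode" | cut -c8-10)

    # 3. Any "other" bit (777, or /tmp's 1777) opens sessions to every local account.
    if [ "$other_bits" != "---" ]; then
        echo "WORLD-ACCESS: mode $mode grants '$other_bits' to other"
        findings=$((findings + 1))
    fi
    # 4. Group access is looser than the 700 suggested in the thread.
    if [ "$group_bits" != "---" ]; then
        echo "GROUP-ACCESS: mode $mode grants '$group_bits' to group"
        findings=$((findings + 1))
    fi
    # 5. With mode 700 only the owner gets in, so it must be the web server user.
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER: owned by '$owner', expected '$want_owner'"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

If the store shows a blank page at mode 700, the OWNER finding is the first thing to look at: the directory is probably owned by the FTP account rather than the account PHP runs under.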

Archived

This topic is now archived and is closed to further replies.
