shared hosting user home folder tmp directory -- can I use this for php sessions?

cmuench333

Member
Apr 27, 2011
8
0
51
By default on a shared hosting server generally session.save_path is /tmp. This is bad for a couple reasons such as other users on the server can read the data AND even garbage collect the session before it really should.

I have been changing session.save_path to /home/user/tmp and it seems to work fine. This also seems to be the place where phpMyAdmin creates it is sessions.

Is there any harm in creating sessions in this folder? (IE: Does anything auto clear the folder in cpanel in a cron?)

Also will session garbage collection still work when changing the folder?
 
Last edited:

SS-Maddy

Well-Known Member
Mar 28, 2009
124
14
68
cPanel Access Level
Root Administrator
Hello
The location /home/user/tmp is used for various stats and hence setting a cron to delete the folder contents is not recommented. You can create a seperate directory and set the path to that directory. Normally session files are removed automatically as per the configuration, otherwise you can set a cron using find command to delet files of its last access time.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,216
463
Hello :)

By default on a shared hosting server generally session.save_path is /tmp. This is bad for a couple reasons such as other users on the server can read the data AND even garbage collect the session before it really should.
Other users should not be able to read sensitive information from the /tmp partition. Please feel free to provide a specific example of this. Note that you can use an alternative /tmp partition, but do not delete the contents of "/home/$user/tmp" because it contains important data such as statistics.

Thank you.
 

cmuench333

Member
Apr 27, 2011
8
0
51
Hello :)



Other users should not be able to read sensitive information from the /tmp partition. Please feel free to provide a specific example of this. Note that you can use an alternative /tmp partition, but do not delete the contents of "/home/$user/tmp" because it contains important data such as statistics.

Thank you.
I am asking if using /home/$user/tmp can be used for php sessions. I read the first comment and it seems there is a cron that clears out that folder. Is this true?

Also /tmp php session files are created by nobody and a php script could simply run that reads from /tmp easily.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,216
463
I am asking if using /home/$user/tmp can be used for php sessions. I read the first comment and it seems there is a cron that clears out that folder. Is this true?
No, that is not accurate. There are no default cron jobs that clear out the tmp directory in "/home/$user" and there should not be because important data is stored in that location.

Thank you.
 

cmuench333

Member
Apr 27, 2011
8
0
51
No, that is not accurate. There are no default cron jobs that clear out the tmp directory in "/home/$user" and there should not be because important data is stored in that location.

Thank you.

So is it safe to change session directory to this directory instead of /tmp? (it seems phpMyAdmin already does this)
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,216
463
Yes, that's fine. I would still make it a subdirectory (e.g. /home/$username/tmp/123) for better organization.

Thank you.