The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

shared hosting user home folder tmp directory -- can I use this for php sessions?

Discussion in 'General Discussion' started by cmuench333, Jul 30, 2014.

  1. cmuench333

    cmuench333 Member

    Joined:
    Apr 27, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    By default on a shared hosting server generally session.save_path is /tmp. This is bad for a couple reasons such as other users on the server can read the data AND even garbage collect the session before it really should.

    I have been changing session.save_path to /home/user/tmp and it seems to work fine. This also seems to be the place where phpMyAdmin creates it is sessions.

    Is there any harm in creating sessions in this folder? (IE: Does anything auto clear the folder in cpanel in a cron?)

    Also will session garbage collection still work when changing the folder?
     
    #1 cmuench333, Jul 30, 2014
    Last edited: Jul 30, 2014
  2. SS-Maddy

    SS-Maddy Well-Known Member

    Joined:
    Mar 28, 2009
    Messages:
    83
    Likes Received:
    0
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Hello
    The location /home/user/tmp is used for various stats and hence setting a cron to delete the folder contents is not recommented. You can create a seperate directory and set the path to that directory. Normally session files are removed automatically as per the configuration, otherwise you can set a cron using find command to delet files of its last access time.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Other users should not be able to read sensitive information from the /tmp partition. Please feel free to provide a specific example of this. Note that you can use an alternative /tmp partition, but do not delete the contents of "/home/$user/tmp" because it contains important data such as statistics.

    Thank you.
     
  4. cmuench333

    cmuench333 Member

    Joined:
    Apr 27, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    I am asking if using /home/$user/tmp can be used for php sessions. I read the first comment and it seems there is a cron that clears out that folder. Is this true?

    Also /tmp php session files are created by nobody and a php script could simply run that reads from /tmp easily.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    No, that is not accurate. There are no default cron jobs that clear out the tmp directory in "/home/$user" and there should not be because important data is stored in that location.

    Thank you.
     
  6. cmuench333

    cmuench333 Member

    Joined:
    Apr 27, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1

    So is it safe to change session directory to this directory instead of /tmp? (it seems phpMyAdmin already does this)
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page