shared hosting user home folder tmp directory -- can I use this for php sessions?

[cmuench333]

By default on a shared hosting server generally session.save_path is /tmp. This is bad for a couple reasons such as other users on the server can read the data AND even garbage collect the session before it really should.

I have been changing session.save_path to /home/user/tmp and it seems to work fine. This also seems to be the place where phpMyAdmin creates it is sessions.

Is there any harm in creating sessions in this folder? (IE: Does anything auto clear the folder in cpanel in a cron?)

Also will session garbage collection still work when changing the folder?

 

[SS-Maddy]

Hello
The location /home/user/tmp is used for various stats and hence setting a cron to delete the folder contents is not recommented. You can create a seperate directory and set the path to that directory. Normally session files are removed automatically as per the configuration, otherwise you can set a cron using find command to delet files of its last access time.

 

[cPanelMichael]

Hello

By default on a shared hosting server generally session.save_path is /tmp. This is bad for a couple reasons such as other users on the server can read the data AND even garbage collect the session before it really should.

Other users should not be able to read sensitive information from the /tmp partition. Please feel free to provide a specific example of this. Note that you can use an alternative /tmp partition, but do not delete the contents of "/home/$user/tmp" because it contains important data such as statistics.

Thank you.

 

[cmuench333]

Hello



Other users should not be able to read sensitive information from the /tmp partition. Please feel free to provide a specific example of this. Note that you can use an alternative /tmp partition, but do not delete the contents of "/home/$user/tmp" because it contains important data such as statistics.

Thank you.

I am asking if using /home/$user/tmp can be used for php sessions. I read the first comment and it seems there is a cron that clears out that folder. Is this true?

Also /tmp php session files are created by nobody and a php script could simply run that reads from /tmp easily.

 

[cPanelMichael]

I am asking if using /home/$user/tmp can be used for php sessions. I read the first comment and it seems there is a cron that clears out that folder. Is this true?

No, that is not accurate. There are no default cron jobs that clear out the tmp directory in "/home/$user" and there should not be because important data is stored in that location.

Thank you.

 

[cmuench333]

No, that is not accurate. There are no default cron jobs that clear out the tmp directory in "/home/$user" and there should not be because important data is stored in that location.

Thank you.

So is it safe to change session directory to this directory instead of /tmp? (it seems phpMyAdmin already does this)

 

[cPanelMichael]

Yes, that's fine. I would still make it a subdirectory (e.g. /home/$username/tmp/123) for better organization.

Thank you.