Using chmod 1777 for a sessions directory

In my hosting environment, I am pointing php.ini to a session.save_path of /var/lib/php/session and have used chmod 1777 on the session directory, and all of the sites can store cookies there just fine.

The root files for the web sites are at /var/www/vhosts/myapp1, 2, 3, 4/docs/

Are there any security concerns using the 1777 in this instance regarding hijacking cookies or any other security considerations? The session directory is owned by Apache.


If you have your own server or VPS then no.

If you’re on a shared host and the Apache service has session access then it is possible (but highly unlikely) that another script on the same box could access your sessions.

But they would need to know the exact location and name of the files in relation to your setup so it’s not likely.

Thanks. I appreciate the input.
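An added example, not code from the thread: a shell audit of the permission bits discussed above, run against a constructed sample directory. It assumes a `find` that accepts `-perm -MODE` and PHP's default `sess_` file prefix; the function names, finding labels and sample file names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a PHP session.save_path directory.
# Checks classic mode bits only, not ACLs or SELinux labels.

is_mode() {   # is_mode PATH PERM -> true if PATH has every bit in PERM set
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

audit_session_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "ERROR not-a-directory"; return 0; }
    # Sticky bit (the leading 1 in 1777): only a file's owner or root
    # may delete or rename entries, even though everyone may create them.
    if is_mode "$dir" 1000; then echo "OK sticky-bit-set"
    else echo "WARN sticky-bit-missing"; fi
    # World-write lets any local account create files here.
    if is_mode "$dir" 0002; then echo "INFO dir-world-writable"; fi
    # World-read lets any local account list the session file names.
    if is_mode "$dir" 0004; then echo "WARN dir-world-listable"; fi
    # Session files should be readable by their owner only (0600).
    find "$dir" -type f -name 'sess_*' \( -perm -0040 -o -perm -0004 \) |
    while IFS= read -r f; do
        echo "WARN file-readable-by-others ${f##*/}"
    done
    # Files with one shared owner are readable by any script run as that owner.
    owners=$(find "$dir" -type f -name 'sess_*' -exec ls -ln {} + |
             awk '{print $3}' | sort -u | wc -l | tr -d ' ')
    echo "INFO distinct-session-file-owners $owners"
}

make_sample_dir() {   # constructed sample: mode 1777 with two fake session files
    d=$(mktemp -d)
    chmod 1777 "$d"
    : > "$d/sess_constructed_a"; chmod 600 "$d/sess_constructed_a"
    : > "$d/sess_constructed_b"; chmod 644 "$d/sess_constructed_b"
    echo "$d"
}

sample=$(make_sample_dir)
audit_session_dir "$sample"
chmod 1733 "$sample"   # drop read for group/other: names can no longer be listed
audit_session_dir "$sample"
rm -rf "$sample"
```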