Using chmod 1777 for a sessions directory

bostboy · April 17, 2011, 9:41pm

In my hosting environment, I am pointing php.ini to a session.save_path of /var/lib/php/session and have used a chmod 1777 on the session directory and all of the sites can store cookies there just fine.

The root files for the web sites are at /var/www/vhosts/myapp1, 2, 3, 4/docs/

Are there any security concerns using the 1777 in this instance regarding hijacking cookies or any other security considerations? The session directory is owned by Apache.

Thanks

gravitationalfx · April 18, 2011, 12:19pm

If you have your own server or VPS then no.

If you’re on a shared host and the Apache service has session access then it is possible (but highly unlikely) that another script on the same box could access your sessions.

But they would need to know the exact location and name of the files in relation to your setup so it’s not likely.

bostboy · April 18, 2011, 2:03pm

Thanks. I appreciate the input.

Topic		Replies	Views
Session.save_path issue PHP	8	838	March 17, 2011
Help! - session vars not saving PHP	23	1653	April 17, 2011
Scope of SESSION data across different folders PHP	15	19892	October 8, 2014
SESSION VARIABLES not stored PHP	18	35601	October 8, 2014
Php.ini in a vhost environment PHP	4	2444	April 17, 2011

Using chmod 1777 for a sessions directory

Related topics