I want to host some friends websites on my server.
They will use php and commands like session_start etc. So it is important that the variables from all domains(users) don’t get mixed with each other.
It seems to work if the vhosts are set up with domains. Everything seems to be protected between domains from what I’ve noticed so far (Please let me know if you know of anything I should consider)
The problem is that some of my friends won’t use a domain so I thought I could set up the vhost with port instead for those users. But from what I’ve noticed the session variables are not protected between ports so I thought I could solve it by specifying:
php_value session.save_path “c:/b”
It seems to work with separating the session files between the ports but maybe there is something else that could risk the security?
Appreciate if I can get some feedback on this.