Session Files in Website

Session files are showing up in the root folder of all my PHP sites on Win9. This would seem to be a security problem to me, but I'm new to PHP. Shouldn't these files be somewhere besides on the website?

BTW, their names are all 'sess_' followed by a 32 digit hex number, and they are all 100-200 bytes in size.

Is this a standard practice that I am just unfamiliar with, or should they be somewhere else?

Many Thanks,
Mike
 
Hello Mike,

You can use a custom php.ini and make a session folder to store the sessions in a different folder.
 
I am also new to PHP. Will doing this prevent other users on the same server from viewing your site's sessions? I had read that some host allow other sites access to sessions from sites on the same server. I guess they are stored in the /tmp directory or something.
 
Back
Top