Web Hosting Talk







View Full Version : PHP Sessions


raulgonzalez
09-12-2008, 10:57 AM
Hello,

I downloaded a script for our company. Besides that script I have other scripts installed. Some hand made and some downloaded.

I've noticed that on my "Sessions" folder/directory a new session gets written like every 15 seconds. Those sessions come from the first script that I mentioned. The other scripts don't write to it as much, just on a regular basis.

What could possibly be the reason that this first script writes too much to the folder/directory?


It looks something like this:

user_id|i:1;m|s:2:"06";a|s:2:"09";y|s:4:"2009";c|s:1:"1";w|s:1:"1";o|s:1:"4";

carolinahosting
09-12-2008, 12:33 PM
If the script is destroying session data and re-creating it then that would do it.

larwilliams
09-12-2008, 12:35 PM
Perhaps that script is insisting on using temporary files for sessions, instead of a cookie. The best thing is to set "session.only_use_cookies" to 1 in your php.ini. This forces the session to be stored on your visitor's browser and also works around some session issues with PHP itself.

Jatinder
09-12-2008, 12:47 PM
Perhaps that script is insisting on using temporary files for sessions, instead of a cookie. The best thing is to set "session.only_use_cookies" to 1 in your php.ini. This forces the session to be stored on your visitor's browser and also works around some session issues with PHP itself.


You have got that wrong. "session.only_use_cookies" simply instructs PHP to ignore any session ID passed via a URL. It does not force session data to be stored in the visitor's browser (this would be very insecure anyway).

Data is still stored in temporary session files (the default session handler for PHP). The cookie only contains the session ID.

larwilliams
09-12-2008, 12:51 PM
You are right. Misleading identifier :D This is what I found:


When this parameter is set to 1 PHP is prevented from overwriting the session ID set from a cookie with the value from URL, thereby improving the security of an application. This parameter was introduced in PHP 4.3 and has a default value of 0, which is also the default behavior in earlier versions of PHP. However, if you use this parameter and cookies are not enabled in sessions or in a user's browser, then sessions will not be able to be used.

raulgonzalez
09-12-2008, 12:53 PM
Yes that's what I read.

<<<specifies whether the module will only use cookies to store the session id on the client side. Defaults to 0 (disabled, for backward compatibility). Enabling this setting prevents attacks involving passing session ids in URLs. This setting was added in PHP 4.3.0.>>>

Anyways, I enabled that and also added a captcha functionality to the "index.php" of that script. I noticed that it reduced those file writes from 1 file every 15 seconds to about 1 file every 5 minutes. That's a lot better of course.

Thank you all for your advice.
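
The point made in the thread that session data stays in server-side files, with only the ID in the cookie, can be checked by decoding one of those files. The following Python decoder is an added example, not code from any poster in this thread; it reads the default PHP session file format of the record quoted in the first post. The function names are hypothetical, and it handles scalars and arrays only, not serialized objects.

```python
# Added example: decoder for PHP's default "php" session file format.
def _value(buf: bytes, pos: int):
    """Decode one serialize() value starting at pos; return (value, next_pos)."""
    tag = buf[pos:pos + 1]
    if tag == b"N":                                   # N;
        return None, pos + 2
    if tag in (b"i", b"b", b"d"):                     # i:1;  b:0;  d:0.5;
        end = buf.index(b";", pos)
        raw = buf[pos + 2:end].decode()
        val = float(raw) if tag == b"d" else int(raw)
        return (bool(val) if tag == b"b" else val), end + 1
    if tag == b"s":                                   # s:<byte length>:"...";
        colon = buf.index(b":", pos + 2)
        n = int(buf[pos + 2:colon])
        start = colon + 2                             # skip :"
        if buf[start + n:start + n + 2] != b'";':
            raise ValueError(f"bad string length at offset {pos}")
        return buf[start:start + n].decode("utf-8", "replace"), start + n + 2
    if tag == b"a":                                   # a:<count>:{key value ...}
        colon = buf.index(b":", pos + 2)
        count = int(buf[pos + 2:colon])
        pos = colon + 2                               # skip :{
        out = {}
        for _ in range(count):
            k, pos = _value(buf, pos)
            out[k], pos = _value(buf, pos)
        return out, pos + 1                           # skip }
    raise ValueError(f"unsupported type {tag!r} at offset {pos}")

def decode_session(data: bytes) -> dict:
    """Split a session file into {name: value}; each name ends at '|'."""
    pos, out = 0, {}
    while pos < len(data):
        bar = data.index(b"|", pos)
        name = data[pos:bar].decode()
        out[name], pos = _value(data, bar + 1)
    return out

# The record quoted in the first post of this thread.
SAMPLE = b'user_id|i:1;m|s:2:"06";a|s:2:"09";y|s:4:"2009";c|s:1:"1";w|s:1:"1";o|s:1:"4";'

if __name__ == "__main__":
    print(decode_session(SAMPLE))
```

An empty session file decodes to an empty dict, which marks a session that was started but never had anything stored in it.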