Where is a PHP session file stored?

Asked

Viewed 1,874 times

2

I’ve read about files related to $_SESSION, but I would like to find them. Where they are stored?

php session

  • On the server, the one on the client is the cookie.

  • 5

    No need to find it, it smells like creating a major security breach or gambiarra, ideally get for $_SESSION.

  • 2

    I don’t think downvotes are fair, despite the simplicity of the question, this localization control is important, mainly so it uses something like PHPRC (http://php.net/manual/en/configuration.php) and intends to isolate "things", or even work multiple domains, I will not go into details, I will leave my +1, although I believe that the question as it was written led to a slightly different understanding, so that by my previous comment it is noted that the question made me believe that I really needed to get the files. Give any way now understand the real motivation of the question.

2 answers

5


The storage location of the variable $ _SESSION is determined by the configuration session.save_path PHP. Normally, the path is /tmp on a Linux/Unix system.

Use the function phpinfo() to see your settings if you are not 100% sure of the location. Just create a file .php with that code in DocumentRoot of your domain:

<?php
   phpinfo();
?>

Observing

As stated in the comments, and also very important to emphasize:

Simply put, you can use the function session_save_path() which controls that Directive.

If you use session_save_path() you will be able to easily find out the storage location of session variables:

<?php
    echo session_save_path();
?>

We also have an answered question about this in our Big Brother SO.

  • 1

    It was ninja, I could almost respond at the same time, but today the label Rubens Barriquelo is my xD kkkk . + 1

  • Simply put, you can use the function session_save_path which controls that Directive.

  • Really @Andersoncarloswoss, I’ll add this other way too.

  • 2

    @Andersoncarloswoss in the case he said where the pattern is, which I think is correct within what was asking, anyway if you read the question you will realize that it seems that the AP seems to want to do a gambit which can cause a huge security breach.

1

On the server, of course, it would make no sense to keep this control on the client, this information is necessary precisely for the application to keep some state between requests.

Browser other questions tagged php session

You are not signed in. Login or sign up in order to post.