Hello there, I tried fiddling with PHP Sessions but found some serious issues.
With default settings, using PHP’s native function session_start() will create the session storage file in WINDOWS TEMP directory, which is highly unsecure. Anyone can read the files and is free to alter anything.
Changing the default session storage path with ini_set(“session.save_path”, “/”) saves the subsequent sessions in the DATA folder that stays beside the application.
Again, this is also highly unsecure, as the sessions files are still open to everyone.
Is there any way the sessions files are saved only in the memory (RAM) along with all other PHP files? This would really help me a lot in my application which uses sessions.
Of course, the session files need not be persistent, and I’m okay if they are destroyed when the application is closed. I just want the session files to be stored securely in memory.
I also know about custom session handling methods that work with databases, but that would increase the load on the database server (MariaDB), because there are going to be a lot of requests.
I hope to get a solution quickly.