Session Files on Shared Server Vulnerability

Sensitive data (the serialized contents of $_SESSION) may be read from, or altered in, the temporary files PHP uses to store session state. The risk applies to shared hosts and to systems on which another account has already been compromised.

Exploits

Assuming a UNIX + Apache web server, PHP stores each session in a file named sess_<session id> in the directory given by session.save_path, which by default is the system temporary directory (typically /tmp). When PHP runs as an Apache module (the common configuration), every site's scripts execute as the user Apache runs as, and the session files are owned by that same user. Anyone who can place a script on the server, whether another customer of the host or an attacker who has compromised one site, can therefore read or modify any session file in that directory, including those belonging to other sites: reading a file discloses whatever the application keeps in $_SESSION, and writing one lets the attacker alter or forge a session.

Remedy

  • Use session_set_save_handler() to redefine the way session data is stored, for example in a directory or database that only this site's account can reach instead of the shared /tmp.
  • Use encryption to secure the information stored in session files, so that a file which can still be read does not disclose the session contents and a file which has been tampered with fails authentication.
  • Note that neither remedy helps if the key or database credentials are readable by the same user the other tenants' scripts run as, which is exactly the case under a shared mod_php setup; they are effective only when the host isolates sites (PHP executed under each customer's own account, e.g. a per-user FastCGI/php-fpm pool or suPHP) or when the key is kept somewhere the web server user cannot read.
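
An added illustration of the first two remedies combined (example code, not from the original page): a file-based handler registered with session_set_save_handler() that stores each session encrypted and authenticated with sodium_crypto_secretbox() in a private directory. It assumes PHP 8 with the sodium extension, and that PHP runs as the site's own account so that the hypothetical directory /home/example-site/sessions and key file /home/example-site/etc/session.key are unreadable by other tenants; under mod_php with a single Apache user the key file would be as exposed as /tmp.

```php
<?php
// Added example, not code from the original page.
// Assumes PHP >= 8.0 with the sodium extension. The directory and key
// file below are hypothetical and must be readable only by this account.
declare(strict_types=1);

final class EncryptedFileSessionHandler
    implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
{
    public function __construct(private string $dir, private string $key)
    {
        if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
            throw new InvalidArgumentException('session key must be 32 bytes');
        }
        $this->dir = rtrim($dir, '/');
    }

    public function open(string $path, string $name): bool
    {
        // Never fall back to a world-writable location such as /tmp.
        return is_dir($this->dir) && is_writable($this->dir);
    }

    public function close(): bool { return true; }

    // The id comes from the client's cookie: constrain it to PHP's own
    // session-id alphabet before it goes anywhere near a filename.
    private function validId(string $id): bool
    {
        return preg_match('/^[A-Za-z0-9,-]{22,256}$/', $id) === 1;
    }

    private function file(string $id): string
    {
        if (!$this->validId($id)) {
            throw new RuntimeException('invalid session id');
        }
        return $this->dir . '/sess_' . $id;
    }

    public function read(string $id): string|false
    {
        $f = $this->file($id);
        if (!is_file($f)) {
            return '';   // a new session: PHP expects an empty string
        }
        $blob = file_get_contents($f);
        $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
        if ($blob === false || strlen($blob) < $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
            return '';
        }
        // Layout: nonce || secretbox(data). A tampered, truncated or foreign
        // file fails the MAC check and is treated as an empty session.
        $plain = sodium_crypto_secretbox_open(substr($blob, $n), substr($blob, 0, $n), $this->key);
        return $plain === false ? '' : $plain;
    }

    public function write(string $id, string $data): bool
    {
        $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
        $blob  = $nonce . sodium_crypto_secretbox($data, $nonce, $this->key);
        // Write to a temp file, then rename: owner-only mode, never a
        // half-written session visible to a concurrent request.
        $tmp = $this->dir . '/.' . bin2hex(random_bytes(8));
        if (file_put_contents($tmp, $blob, LOCK_EX) === false) {
            return false;
        }
        chmod($tmp, 0600);
        return rename($tmp, $this->file($id));
    }

    public function destroy(string $id): bool
    {
        $f = $this->file($id);
        return !is_file($f) || unlink($f);
    }

    public function gc(int $max_lifetime): int|false
    {
        $removed = 0;
        foreach (glob($this->dir . '/sess_*') ?: [] as $f) {
            if (filemtime($f) + $max_lifetime < time() && unlink($f)) {
                $removed++;
            }
        }
        return $removed;
    }

    // Required for session.use_strict_mode to reject ids this server never
    // issued (the fixation case) instead of silently creating them.
    public function validateId(string $id): bool
    {
        return $this->validId($id) && is_file($this->dir . '/sess_' . $id);
    }

    public function updateTimestamp(string $id, string $data): bool
    {
        return touch($this->file($id));
    }
}

// Hypothetical paths; generate the key once with random_bytes(32).
$key = file_get_contents('/home/example-site/etc/session.key');
if ($key === false) {
    throw new RuntimeException('session key unavailable');
}
session_set_save_handler(new EncryptedFileSessionHandler('/home/example-site/sessions', $key), true);
ini_set('session.use_strict_mode', '1');
session_start();
$_SESSION['user'] = 'alice';
```

The handler must be registered before session_start() on every request. The nonce is stored in front of the ciphertext, so the same key serves all sessions, and because secretbox authenticates as well as encrypts, an attacker who can still write to the directory can at most delete or blank a session, not alter its contents.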

Additional Information

 
security/risk/session_files_on_shared_server.txt · Last modified: 2006/12/09 17:15