Saturday, August 1, 2009

Issues with shared hosting

Most people host their websites on what is called shared hosting: multiple
people have their websites hosted on a single server. On a server with a Linux
operating system, session data is stored in the /tmp directory by default. /tmp
holds temporary data, so it has to be readable and writable by everyone.
Therefore, if your session data is stored there, which it is by default, the
other users on the server can find it if they look hard enough. This poses the
same security issues as cookies being stolen using XSS.
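
To check whether a session directory is exposed to other accounts on the same server, the permission bits can be audited. This is an added example, not code from the original post. The function name, the finding labels and the constructed directories (a /tmp-like one with mode 1777 and, as an assumed contrast, a per-user one with mode 0700) are illustrative.

```python
import os
import shutil
import stat
import tempfile

def audit_session_dir(path):
    """Return findings describing how other local users can reach session data."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append("dir-world-writable")
    if mode & stat.S_IROTH:
        findings.append("dir-world-listable")
    if mode & stat.S_IXOTH:
        findings.append("dir-world-traversable")
    if st.st_uid != os.geteuid():
        findings.append("dir-owned-by-other-user")
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        fst = os.lstat(full)  # lstat: do not follow symlinks planted by others
        if not stat.S_ISREG(fst.st_mode):
            continue
        if stat.S_IMODE(fst.st_mode) & (stat.S_IRGRP | stat.S_IROTH):
            findings.append("file-readable-by-others:" + name)
    return findings

def demo():
    """Build two constructed directories and audit both."""
    base = tempfile.mkdtemp()
    try:
        shared = os.path.join(base, "shared_tmp")          # stands in for /tmp
        private = os.path.join(base, "private_sessions")   # assumed per-user dir
        os.mkdir(shared)
        os.chmod(shared, 0o1777)   # world-writable with sticky bit, like /tmp
        os.mkdir(private)
        os.chmod(private, 0o700)   # owner only
        for directory, file_mode in ((shared, 0o644), (private, 0o600)):
            session_file = os.path.join(directory, "session_constructed")
            with open(session_file, "w") as fh:
                fh.write("user=alice")  # constructed sample session data
            os.chmod(session_file, file_mode)
        return audit_session_dir(shared), audit_session_dir(private)
    finally:
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

On a real host, point `audit_session_dir` at the directory your application actually uses for session storage; an empty list means no other account can list or read the files through the permission bits checked here.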
