Setting the Session Cookie's Valid URL Path
The directive session.cookie_path determines the path in which the cookie is considered
valid. The cookie is also valid for all child directories falling under this path. Its
prototype follows:
session.cookie_path = string
For example, if it is set to /, then the cookie will be valid for the entire Web site.
Setting it to /books causes the cookie to be valid only when called from within the
http://www.example.com/books/ path.
Setting the Session Cookie's Valid Domain
The directive session.cookie_domain determines the domain for which the cookie is
valid. This directive is necessary because it prevents other domains from reading
your cookies. Its prototype follows:
session.cookie_domain = string
The following example illustrates its use:
session.cookie_domain = www.example.com
452 CHAPTER 18 ■ SESSION HANDLERS
If you'd like a session to be made available for site subdomains, say
customers.example.com, intranet.example.com, and www2.example.com, set this
directive like this:
session.cookie_domain = .example.com
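The following added example (not from the book) applies the RFC 6265 domain-match and path-match rules that a browser uses, to show which requests would carry the session cookie under the settings discussed above. The function names are hypothetical and the request URLs are constructed samples.

```php
<?php
// Added example: RFC 6265 matching as a browser applies it to the values of
// session.cookie_domain and session.cookie_path. Names here are hypothetical.

// Domain-match, RFC 6265 section 5.1.3. A leading dot is ignored.
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $suffix = '.' . strtolower(ltrim($cookieDomain, '.'));
    if ('.' . $host === $suffix) {
        return true;                       // identical host
    }
    // Subdomains match only on a label boundary; IP literals never do.
    return filter_var($host, FILTER_VALIDATE_IP) === false
        && substr($host, -strlen($suffix)) === $suffix;
}

// Path-match, RFC 6265 section 5.1.4.
function pathMatches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;                      // not a prefix at all
    }
    // A prefix counts only if it ends at a "/" boundary.
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

function cookieSent(string $url, string $domain, string $path): bool
{
    $parts = parse_url($url);
    return domainMatches($parts['host'], $domain)
        && pathMatches($parts['path'] ?? '/', $path);
}

// Constructed sample requests.
$urls = ['http://www.example.com/books/', 'http://www.example.com/bookstore/',
         'http://customers.example.com/books/php', 'http://www.example.org/books/'];
foreach ([['www.example.com', '/'], ['.example.com', '/books']] as [$domain, $path]) {
    echo "session.cookie_domain = $domain, session.cookie_path = $path\n";
    foreach ($urls as $url) {
        printf("  %-40s %s\n", $url, cookieSent($url, $domain, $path) ? 'sent' : 'not sent');
    }
}
```

Note that /bookstore/ is not covered by a cookie path of /books, because the match must end on a "/" boundary.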
Validating Sessions Using a Referer
Using URL rewriting as the means for propagating session IDs opens up the possibility
that a particular session state could be viewed by numerous individuals simply
by copying and disseminating a URL. The session.referer_check directive lessens
this possibility by specifying a substring that each referrer is validated against.