session handling with postgresql

Anon

I have set the session save module to user, and have a session set save handler to use with php and postgresql. Is it possible to require the connect string from another directory? I have to include my username and password, so I need to secure the connection string. What is the best way to NOT explicitly declare the pg_connect string within the script?

smarlowe

Yes, you can include the connection string from a file not under the web server's root. Take a look at the output of a php file with the single phpinfo() command in it, and note the include path.

On my workstation, it's:

.:/usr/local/lib/php

which means . (the current directory) AND /usr/local/lib/php are the two places, so my workstation I could put connection.inc into /usr/local/lib/php and no one will be able to view it from the web server front end.

Also, you can use a file extension like .inc and then tell apache not to serve that extension, like so:
<Directory /www>

<Files "*.inc">
Order Deny,Allow
Deny from all

</Files>

more directives we don't care about go here.
</Directory>

Anon

this is very helpful, thank you very much. It seems to sork with simpler scripts that have one needed connection to use an include_once(" ../../../<directory>/<file>"); but maybe it doesn't work with a session set save handler.
My problem really seems to lie in making a PostgreSQL connection for EACH function as it's needed. when I want to use the session write function, the session read is connected, and there is a problem with the write connection. when I try to use the read function, the write connection is there, but there is a problem with the read connection.
Does that make sense ?

I copied the script from the docs at php.net -- someone named yasuo posted a session set save handler.