Recently our client migrated to a server with Suhosin enabled. Until then we were using session sharing to switch between WP and our custom CMS. Now the session details are saved in the DB after encryption. After pulling our hair out for a day, we found that Suhosin is the culprit on the new server. Is there any way to read the session data from the Suhosin values?
How to share sessions between two sites when suhosin is enabled?
292 views Asked by Mic At
There are 2 answers
You can use memcached to save sessions in persistent memory cache between servers or sites without having to save to a file or DB.
You can also change the Suhosin transparent encryption options. For example, this might solve your problem:
suhosin.session.cryptdocroot
Type: Boolean
Default: On
Flag that decides if the transparent session encryption key depends on the Documentroot field.
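An added example, not part of the original answer and not Suhosin's own code: a simplified Python model of a session key derived from a configured key plus, when suhosin.session.cryptdocroot is On, the document root, with a check that lists why one site could not read a session written by another. The site names, paths, key string and helper names are constructed for illustration; suhosin.session.cryptkey is the directive that sets the configured key.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Site:
    """Constructed stand-in for one site's Suhosin session settings."""
    name: str
    docroot: str
    cryptkey: str               # suhosin.session.cryptkey
    cryptdocroot: bool = True   # suhosin.session.cryptdocroot (Default: On)


def derive_key(site: Site) -> bytes:
    """Model only: hash the configured key, plus the docroot when the flag is On."""
    h = hashlib.sha256(site.cryptkey.encode())
    if site.cryptdocroot:
        h.update(site.docroot.encode())
    return h.digest()


def sharing_blockers(writer: Site, reader: Site) -> list:
    """Reasons the reader's key would differ from the writer's (empty = shareable)."""
    reasons = []
    if writer.cryptkey != reader.cryptkey:
        reasons.append("suhosin.session.cryptkey differs")
    if writer.cryptdocroot != reader.cryptdocroot:
        reasons.append("suhosin.session.cryptdocroot differs")
    elif writer.cryptdocroot and writer.docroot != reader.docroot:
        reasons.append("cryptdocroot is On and the document roots differ")
    return reasons


# Constructed sample sites: same key, different document roots.
KEY = "constructed-shared-key"
WP = Site("wp", "/var/www/wp", KEY)
CMS = Site("cms", "/var/www/cms", KEY)
# Same sites with the docroot dependency switched off on both.
WP_OFF = Site("wp", "/var/www/wp", KEY, cryptdocroot=False)
CMS_OFF = Site("cms", "/var/www/cms", KEY, cryptdocroot=False)

if __name__ == "__main__":
    for writer, reader in ((WP, CMS), (WP_OFF, CMS_OFF), (WP, CMS_OFF)):
        same = derive_key(writer) == derive_key(reader)
        print(writer.name, "->", reader.name, "keys match:", same,
              sharing_blockers(writer, reader))
```

With the flag Off the key no longer binds a session to one document root, so the shared key string is the only thing separating these sites from any other site on the host that uses the same key.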
You can't decrypt Suhosin session details. It is better to change the authentication method. Disabling Suhosin is a compromise on security.