How to share sessions between two sites when suhosin is enabled?

270 views Asked by At

Recently our client migrated to server with suhosin enabled. Till then we were using session sharing to switch between wp and our custom cms. Now the session details are saved in DB after encryption. After pulling out the hair for one day we found that Suhosin is the culprit in the new server for this. Is there any way to read the session datas from the suhosin values?

2

There are 2 answers

1
user632347 On BEST ANSWER

You cant decrypt suhosin session details. It better to change the authentication method. Disabling suhosin is a compromising on the security.

0
Chris_O On

You can use memcached to save sessions in persistent memory cache between servers or sites without having to save to a file or DB.

You can also change the suhosin transparent encryption options. For example this might solve your problem:

suhosin.session.cryptdocroot

Type: Boolean
Default: On
Flag that decides if the transparent session encryption key depends on the Documentroot field.