Hi All
I'm on page 41 (in Security Fundamentals).
Referring to:
"For sensitive data being stored, but not stored in a database, change your sessions directory, and use the Web root directory's parent folder (see Figure 2.5)."
Could someone elaborate on what this means? I'm not sure what a sessions directory is.
When it refers to "sessions", is it talking about session variables that we can create?... like if I wanted to store the logged-in user's first name in $_SESSION['userFirstName']?
Is temporarily storing potentially sensitive data in session variables not secure?
I'm pretty new at this, so please use plenty of layman's terms.
Thank you so much.