summaryrefslogtreecommitdiffstats
path: root/user_guide_src/source
diff options
context:
space:
mode:
Diffstat (limited to 'user_guide_src/source')
-rw-r--r--user_guide_src/source/libraries/sessions.rst4
1 files changed, 2 insertions, 2 deletions
diff --git a/user_guide_src/source/libraries/sessions.rst b/user_guide_src/source/libraries/sessions.rst
index bf0d7a49c..ac0ca27f5 100644
--- a/user_guide_src/source/libraries/sessions.rst
+++ b/user_guide_src/source/libraries/sessions.rst
@@ -493,7 +493,7 @@ also steal any of the current sessions (also known as "session fixation"
attack).
On UNIX-like operating systems, this is usually achieved by setting the
-0600 mode permissions on that directory via the `chmod` command, which
+0700 mode permissions on that directory via the `chmod` command, which
allows only the directory's owner to perform read and write operations on
it. But be careful because the system user *running* the script is usually
not your own, but something like 'www-data' instead, so only setting those
@@ -503,7 +503,7 @@ Instead, you should do something like this, depending on your environment
::
mkdir /<path to your application directory>/sessions/
- chmod 0600 /<path to your application directory>/sessions/
+ chmod 0700 /<path to your application directory>/sessions/
chown www-data /<path to your application directory>/sessions/
Bonus Tip