PHP session functions are just a convenient way to generate a session identifier, set it in a cookie (or pass it along with every POST or GET request) and link it to some session data somewhere on the server. Convenience is all right, but it might obscure some important details. Given that session data is likely to contain sensitive information, what can you tell us about session data storage?
Choose all that apply:
A. PHP session data is stored in server memory and is managed by PHP: without the session id it is not possible to get to the data.
B. By default PHP will store its session data in the system's temporary directory where it might be read by other users and scripts unless safe_mode is enabled.
C. The location of the session data can be set through the session.save_path ini setting which can be set anywhere (script, php.ini, .htaccess etc.) or alternatively per script through the
D. By using session_set_save_handler() you can provide your own session data handler. That way you can store session data any way you like.