HansH wrote:
> <phillip.s.powell@gmail.com> schreef in bericht
> news:1165529250.835286.151950@l12g2000cwl.googlegr oups.com...
> > What I tried doing was this, out of desparation:
> >
> > <Files>
> > order allow,deny
> > deny from all
> > </Files>
> What files are to be denied without specifying a filename ??
> Test for me
> <Files ~ ".">

Sorry I tried that and the session files are still viewable via
browser:

<Files ~ ".">
order allow,deny
deny from all
</Files>

>
> > And even then all session files were still viewable. That's when I
> > concluded perhaps it is due to the nature of how PHP names its session
> > files (no PHP session file has any extension, just a name),
> Thinking name-dot-extention ... is a MicroSoft doctrine.
>
>
> BTW your sess* files are at the document_root ...???
> If not, try
> <Location /<folder>/>
> order allow,deny
> deny from all
>

Sorry that also failed; the session files are easily viewable via
browser :(

<Location /path/to/session/files>
order allow,deny
deny from all
</Location>


> HansH
> </Location>