default to file-based session storage

5 files changed, 15 insertions, 4 deletions

diff --git a/.gitignore b/.gitignore
index d416967..c7fa6b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 config.php
 db/scratch.db
+sessions/sess*
diff --git a/config.php-dist b/config.php-dist
index 3404f34..c9d9083 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -9,3 +9,5 @@
 	define('DICT_CLIENT', '/usr/bin/dict');
 	define('DICT_SERVER', 'localhost');
 
+	define('SQLITE_SESSION_STORE', false);
+	// store sessions in scratch.db (not recommended, slow)
diff --git a/index.php b/index.php
index 94ed294..5260b1d 100644
--- a/index.php
+++ b/index.php
@@ -3,6 +3,10 @@
 		die("Please copy config.php-dist to config.php and edit it.");
 	}
 
+	if (!is_writable("sessions")) {
+		die("sessions/ directory is not writable.");
+	}
+
 	if (isset($_SERVER["PHP_AUTH_USER"])) {
 		die("HTTP Authentication is no longer supported, please see migration notes in git.");
 	}
diff --git a/sessions.php b/sessions.php
index 9a90ad4..82a90c2 100644
--- a/sessions.php
+++ b/sessions.php
@@ -57,12 +57,16 @@
 
 		return true;
 	}
-	session_set_save_handler("s_open",
-		"s_close", "s_read", "s_write",
-		"s_destroy", "s_gc");
+
+	if (defined('SQLITE_SESSION_STORE') && SQLITE_SESSION_STORE) {
+		session_set_save_handler("s_open",
+			"s_close", "s_read", "s_write",
+			"s_destroy", "s_gc");
+	} else {
+		session_save_path(__DIR__ . "/sessions");
+	}
 
 	register_shutdown_function('session_write_close');
 
 	session_start();
-
 ?>
diff --git a/sessions/.empty b/sessions/.empty
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/sessions/.empty