php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #25887 session.save_path should respect open_basedir
Submitted: 2003-10-16 11:24 UTC Modified: 2010-12-21 19:32 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: john at scl dot co dot uk Assigned: johannes (profile)
Status: Closed Package: *General Issues
PHP Version: 4.3.3 OS: linux
Private report: No CVE-ID: None
View Developer Edit
 [2003-10-16 11:24 UTC] john at scl dot co dot uk 
Description:
------------
Surely either:

session.save_path should respect open_basedir

OR (but not so good)

session.save_path should be a php_admin_value rather than
just a php_value as at present.  With proper configuration
one can then prevent session hijacking.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-12-21 19:32 UTC] johannes@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: johannes
 [2010-12-21 19:32 UTC] johannes@php.net 
This is the case meanwhile
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Tue Jul 22 17:00:02 2025 UTC