PHP :: Bug #19477 :: Session Management and Safe

Bug #19477

Session Management and Safe_mode disturb each other

Submitted:

2002-09-18 11:17 UTC

Modified:

2002-10-05 11:16 UTC

Votes:	2
Avg. Score:	3.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

tilo at b-n-w dot org

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.2.3

OS:

Linux 2.4.19

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	tilo at b-n-w dot org
New email:
PHP Version:		OS:

New Comment:

[2002-09-18 11:17 UTC] tilo at b-n-w dot org

The following problem occurs:

session.save_path is set to /tmp

safe_mode is on

There are several virtual domains with their own
home directory (each has one).

The session Management does only work, if the safe_mode 
is off. It also works, when safe_mode is on and 
session.save_path is set to some place in one of this
home directories (but of course only for this virtual
domain, yes, I tried it). I can't understand, why 
safe_mode does influences the session management. I 
couldn't find any hint if this is by design.

It is not possible for me to have a separate 
session.safe_path for everyone.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-10-02 01:22 UTC] sas@php.net

You can put a 

php_value session.save_path "/where/your/customer/lives" 

into each <virtualhost> section of your web server config file.

[2002-10-02 04:02 UTC] tilo at b-n-w dot org

This seems not to be a solution, but a workaround.

It is not useful for a customer, who even has
problems to manage his website with a ftp-client, to
see scary silly session-files in his home-directory.

I think the behaviour of php, I mentioned, is not by design.
If you think, that it is a security flaw to have
one session.save_path for all, then this
behaviour would seem reasonable.

[2002-10-05 09:46 UTC] iliaa@php.net

Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit http://www.php.net/support.php

Thank you for your interest in PHP.

Not a bug.
Inside your webserver config simply add a line 
php_value session.save_path "/where/your/customer/lives/sessions/"
and make a seperate 'sessions' directory inside each user's home directory where the session files would be stored.
That way not only will this work but not polute the user's home directory.

[2002-10-05 11:16 UTC] tilo at b-n-w dot org

Strange idea of software abstraction, but you are
the programmers.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 30 22:00:01 2025 UTC