php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Request #25887 session.save_path should respect open_basedir
Submitted: 2003-10-16 11:24 UTC Modified: 2010-12-21 19:32 UTC
Votes:3
Avg. Score:5.0 ± 0.0
Reproduced:2 of 2 (100.0%)
Same Version:2 (100.0%)
Same OS:2 (100.0%)
From: john at scl dot co dot uk Assigned: johannes (profile)
Status: Closed Package: *General Issues
PHP Version: 4.3.3 OS: linux
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: john at scl dot co dot uk
New email:
PHP Version: OS:

 

 [2003-10-16 11:24 UTC] john at scl dot co dot uk 
Description:
------------
Surely either:

session.save_path should respect open_basedir

OR (but not so good)

session.save_path should be a php_admin_value rather than
just a php_value as at present.  With proper configuration
one can then prevent session hijacking.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-12-21 19:32 UTC] johannes@php.net
-Status: Open +Status: Closed -Package: Feature/Change Request +Package: *General Issues -Assigned To: +Assigned To: johannes
 [2010-12-21 19:32 UTC] johannes@php.net 
This is the case meanwhile
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Sep 19 16:01:27 2024 UTC