PHP :: Bug #19477 :: Session Management and Safe

Bug #19477

Session Management and Safe_mode disturb each other

Submitted:

2002-09-18 11:17 UTC

Modified:

2002-10-05 11:16 UTC

Votes:	2
Avg. Score:	3.5 ± 1.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	1 (50.0%)

From:

tilo at b-n-w dot org

Assigned:

Status:

Closed

Package:

Session related

PHP Version:

4.2.3

OS:

Linux 2.4.19

Private report:

CVE-ID:

None

View Developer Edit

[2002-09-18 11:17 UTC] tilo at b-n-w dot org

The following problem occurs:

session.save_path is set to /tmp

safe_mode is on

There are several virtual domains with their own
home directory (each has one).

The session Management does only work, if the safe_mode 
is off. It also works, when safe_mode is on and 
session.save_path is set to some place in one of this
home directories (but of course only for this virtual
domain, yes, I tried it). I can't understand, why 
safe_mode does influences the session management. I 
couldn't find any hint if this is by design.

It is not possible for me to have a separate 
session.safe_path for everyone.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2002-10-02 01:22 UTC] sas@php.net

You can put a 

php_value session.save_path "/where/your/customer/lives" 

into each <virtualhost> section of your web server config file.

[2002-10-02 04:02 UTC] tilo at b-n-w dot org

This seems not to be a solution, but a workaround.

It is not useful for a customer, who even has
problems to manage his website with a ftp-client, to
see scary silly session-files in his home-directory.

I think the behaviour of php, I mentioned, is not by design.
If you think, that it is a security flaw to have
one session.save_path for all, then this
behaviour would seem reasonable.

[2002-10-05 09:46 UTC] iliaa@php.net

Sorry, but the bug system is not the appropriate forum for asking
support questions. Your problem does not imply a bug in PHP itself.
For a list of more appropriate places to ask for help using PHP,
please visit http://www.php.net/support.php

Thank you for your interest in PHP.

Not a bug.
Inside your webserver config simply add a line 
php_value session.save_path "/where/your/customer/lives/sessions/"
and make a seperate 'sessions' directory inside each user's home directory where the session files would be stored.
That way not only will this work but not polute the user's home directory.

[2002-10-05 11:16 UTC] tilo at b-n-w dot org

Strange idea of software abstraction, but you are
the programmers.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Nov 30 22:00:01 2025 UTC