|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #25574 empty session.save_path = problem (session.use_only_cookies = 1)
Submitted: 2003-09-17 10:04 UTC Modified: 2003-09-18 02:11 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: markus dot welsch at suk dot de Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.3.3 OS: Linux 2.4.22 (Debian 3.0r1)
Private report: No CVE-ID:
 [2003-09-17 10:04 UTC] markus dot welsch at suk dot de
When using sessions and having session.save_path to an empty value the session data won't be saved - even if session.use_only_cookies = 1

When session.save_path is specified it works fine.

Reproduce code:


        print "Session-ID: ".session_id()."<br>";
        $_SESSION['test'] = "example";


Expected result:
Session-ID: c0b505ac52883be84dd9681fc6e84c50
Array ( [test] => example ) 

Actual result:
Session-ID: c0b505ac52883be84dd9681fc6e84c50
Array ( )


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2003-09-17 10:17 UTC] markus dot welsch at suk dot de
Of course you have to reload after the 1st execution otherwise it's of no use :-)
 [2003-09-17 18:34 UTC]
Thank you for taking the time to write to us, but this is not
a bug. Please double-check the documentation available at and the instructions on how to report
a bug at

How can you expect sessions to work if PHP cannot safe the corresponding session data?
 [2003-09-18 02:11 UTC] markus dot welsch at suk dot de
Well it does NOT write to a file if a path is given and it should save to cookies like described, so why do you require to set this ?

Either the PHP itself or the documentation should be updated at least :-)
 [2004-02-18 01:57 UTC] unknown at simplemachines dot org

PHP, as described in the manual, saves session data to files in a temporary directory. (unless an alternate handler is used...)  The cookie option is there to let the client know their ID and only their ID, which is used to access these files.

The option you describe, session.use_only_cookies, means it will not take session id's passed via GET. (like ?PHPSESSID=1234567890abcdef1234567890abcdef)

However, I do agree that not having session.save_path set should work; just like not having upload_tmp_dir set.  If you agree, please see my bug report here:

Thank you,
PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sat Oct 10 18:01:30 2015 UTC