|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #37627 session_save_directory checks wrong directory in safe mode
Submitted: 2006-05-29 12:34 UTC Modified: 2006-12-04 15:20 UTC
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:1 (100.0%)
From: bla at cs dot huji dot ac dot il Assigned:
Status: Closed Package: Session related
PHP Version: 5.1.4 OS: freebsd 6.1
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please !
Your email address:
Solve the problem:
3 + 19 = ?
Subscribe to this entry?

 [2006-05-29 12:34 UTC] bla at cs dot huji dot ac dot il
When I run this command:


I get:

session_save_path() [function.session-save-path]: SAFE MODE Restriction in effect. The script whose uid is 24713 is not allowed to access /var/spool

The information in the message is correct but I suppose the function should check /var/spool/sessions, not /var/spool. (note that /var/spool/session exists and has the right permissions so there's no need to modify /var/spool).

Probably the OnUpdateSaveDir() function in session.c should give a different flag to php_checkuid().


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2006-05-29 12:46 UTC]
>Note that /var/spool/session exists and has the right
> permissions so there's no need to modify /var/spool).

/var/spool/session or /var/spool/sessions ?
What if try this:
session_save_path("/var/spool/sessions/"); ?
 [2006-05-30 07:38 UTC] bla at cs dot huji dot ac dot il
This is the 3rd time I write this reply, it keeps disappearing after I submit it. Anyway:

Appending a '/' to the path fixes the problem, thanks.

However it should work even without a trailing '/' just like any other path related setting.
 [2006-12-04 15:20 UTC]
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
Thank you for the report, and for helping us make PHP better.

PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Jul 21 05:01:30 2024 UTC