php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #43564 Using session_save_path('2;0777;/some/path') does not persist through script
Submitted: 2007-12-11 12:58 UTC Modified: 2008-02-21 01:00 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:1 of 1 (100.0%)
Same Version:1 (100.0%)
Same OS:0 (0.0%)
From: fxbois at gmail dot com Assigned:
Status: No Feedback Package: Session related
PHP Version: 5.2.5 OS: rhas 3
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2007-12-11 12:58 UTC] fxbois at gmail dot com
Description:
------------
Hi,

I just realised that sometime the function session_save_path() stops working. I set the session_path with session_save_path() and just a few lines after the session_path contains the value setted in php.ini.

But one more time, it is not always the case.

Menawhile, each time I restart apache, the session_path is good again during some minutes (or hours) ...



It seems that the bug appeared with 5.2.5 ... 

TIA

Reproduce code:
---------------
$path = '2;0777;var/session'; 
session_save_path($path);
error_log(session_save_path()); 

Expected result:
----------------
2;0777;var/session

Actual result:
--------------
/tmp/session

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2007-12-11 16:08 UTC] iliaa@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows (zip):
 
  http://snaps.php.net/win32/php5.2-win32-latest.zip

For Windows (installer):

  http://snaps.php.net/win32/php5.2-win32-installer-latest.msi

Works fine here.

What is the return value of session_save_path() on the first call?
 [2007-12-12 09:18 UTC] fxbois at gmail dot com
When I restart apache ... session_save_path() returns /tmp/session which is normal
 [2007-12-12 09:34 UTC] fxbois at gmail dot com
PHP 5.2.6-dev seems to correct the bug.

It can be a pretty serious security problem (session files end in a bad directory). I hope you will release a new version soon.

Could you explain in a few words what bugs have you resolved which linked to the sessions ?
 [2007-12-13 00:18 UTC] iliaa@php.net
This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
 
Thank you for the report, and for helping us make PHP better.


 [2007-12-14 09:47 UTC] fxbois at gmail dot com
Sorry,

it has taken more time but PHP still ignore session_save_path() after "some" time.

What can I test ?
I give you more information about my system 
- Red Hat Enterprise Linux ES release 3 (Taroon Update 8)
- apache 2.0.46
 [2008-02-13 18:41 UTC] jani@php.net
Do you by any chance try changing PHP ini values using php_value/php_admin_value in httpd.conf or .htacces files?
 [2008-02-21 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Sat Dec 14 05:01:23 2019 UTC