#40464 [NEW]: Session.save_path wont use default-value

benni at gniza dot org · benni at gniza dot org

From: benni at gniza dot org
Operating system: SuSE 9.3
PHP version: 5.2.1
PHP Bug Type: *Configuration Issues
Bug description: Session.save_path wont use default-value

Description:
------------
I can approve the behavior of BUG-ID 40434

Sessions won't work without setting a session.save_path explicitly! If you
just comment the session.save_path-line you get the error:

====
SAFE MODE Restriction in effect. The script whose uid is XZY is not
allowed to access owned by uid 0 in [Scriptname:Line of session_start()]
====

This behavior is either a bug or the manual is wrong.

Quote from the manual:
==
session.save_path defines [...]. Defaults to /tmp.
==

If I explicitly set the save_path (to /tmp or somewhere else) all is
okay!

Greetings Benjamin

--
Edit bug report at [url]http://bugs.php.net/?id=40464&edit=1[/url]
--
Try a CVS snapshot (PHP 4.4): [url]http://bugs.php.net/fix.php?id=40464&r=trysnapshot44[/url]
Try a CVS snapshot (PHP 5.2): [url]http://bugs.php.net/fix.php?id=40464&r=trysnapshot52[/url]
Try a CVS snapshot (PHP 6.0): [url]http://bugs.php.net/fix.php?id=40464&r=trysnapshot60[/url]
Fixed in CVS: [url]http://bugs.php.net/fix.php?id=40464&r=fixedcvs[/url]
Fixed in release: [url]http://bugs.php.net/fix.php?id=40464&r=alreadyfixed[/url]
Need backtrace: [url]http://bugs.php.net/fix.php?id=40464&r=needtrace[/url]
Need Reproduce Script: [url]http://bugs.php.net/fix.php?id=40464&r=needscript[/url]
Try newer version: [url]http://bugs.php.net/fix.php?id=40464&r=oldversion[/url]
Not developer issue: [url]http://bugs.php.net/fix.php?id=40464&r=support[/url]
Expected behavior: [url]http://bugs.php.net/fix.php?id=40464&r=notwrong[/url]
Not enough info: [url]http://bugs.php.net/fix.php?id=40464&r=notenoughinfo[/url]
Submitted twice: [url]http://bugs.php.net/fix.php?id=40464&r=submittedtwice[/url]
register_globals: [url]http://bugs.php.net/fix.php?id=40464&r=globals[/url]
PHP 3 support discontinued: [url]http://bugs.php.net/fix.php?id=40464&r=php3[/url]
Daylight Savings: [url]http://bugs.php.net/fix.php?id=40464&r=dst[/url]
IIS Stability: [url]http://bugs.php.net/fix.php?id=40464&r=isapi[/url]
Install GNU Sed: [url]http://bugs.php.net/fix.php?id=40464&r=gnused[/url]
Floating point limitations: [url]http://bugs.php.net/fix.php?id=40464&r=float[/url]
No Zend Extensions: [url]http://bugs.php.net/fix.php?id=40464&r=nozend[/url]
MySQL Configuration Error: [url]http://bugs.php.net/fix.php?id=40464&r=mysqlcfg[/url]

iliaa@php.net · iliaa@php.net

ID: 40464
Updated by: [email]iliaa@php.net[/email]
Reported By: benni at gniza dot org
-Status: Open
+Status: Assigned
Bug Type: *Configuration Issues
Operating System: SuSE 9.3
PHP Version: 5.2.1
-Assigned To:
+Assigned To: iliaa

Previous Comments:
------------------------------------------------------------------------

[2007-02-13 15:39:01] benni at gniza dot org

Description:
------------
I can approve the behavior of BUG-ID 40434

Sessions won't work without setting a session.save_path explicitly! If
you just comment the session.save_path-line you get the error:

====
SAFE MODE Restriction in effect. The script whose uid is XZY is not
allowed to access owned by uid 0 in [Scriptname:Line of
session_start()]
====

This behavior is either a bug or the manual is wrong.

Quote from the manual:
==
session.save_path defines [...]. Defaults to /tmp.
==

If I explicitly set the save_path (to /tmp or somewhere else) all is
okay!

Greetings Benjamin

------------------------------------------------------------------------

--
Edit this bug report at [url]http://bugs.php.net/?id=40464&edit=1[/url]

iliaa@php.net · iliaa@php.net

ID: 40464
Updated by: [email]iliaa@php.net[/email]
Reported By: benni at gniza dot org
-Status: Assigned
+Status: Closed
Bug Type: *Configuration Issues
Operating System: SuSE 9.3
PHP Version: 5.2.1
Assigned To: iliaa
New Comment:

This bug has been fixed in CVS.

Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
[url]http://snaps.php.net/[/url].

Thank you for the report, and for helping us make PHP better.

Previous Comments:
------------------------------------------------------------------------

[2007-02-13 15:39:01] benni at gniza dot org

Description:
------------
I can approve the behavior of BUG-ID 40434

Sessions won't work without setting a session.save_path explicitly! If
you just comment the session.save_path-line you get the error:

====
SAFE MODE Restriction in effect. The script whose uid is XZY is not
allowed to access owned by uid 0 in [Scriptname:Line of
session_start()]
====

This behavior is either a bug or the manual is wrong.

Quote from the manual:
==
session.save_path defines [...]. Defaults to /tmp.
==

If I explicitly set the save_path (to /tmp or somewhere else) all is
okay!

Greetings Benjamin

------------------------------------------------------------------------

--
Edit this bug report at [url]http://bugs.php.net/?id=40464&edit=1[/url]

#40464 [NEW]: Session.save_path wont use default-value

Thread Tools

Display

#40464 [NEW]: Session.save_path wont use default-value

Similar Questions and Discussions

#25574 [Bgs]: empty session.save_path = problem (session.use_only_cookies = 1)

#25574 [Opn->Bgs]: empty session.save_path = problem (session.use_only_cookies = 1)

#25574 [Opn]: empty session.save_path = problem (session.use_only_cookies = 1)

#25574 [NEW]: empty session.save_path = problem (session.use_only_cookies = 1)

session.save_path is a big security hole!

#40464 [Opn->Asn]: Session.save_path wont use default-value

#40464 [Asn->Csd]: Session.save_path wont use default-value

Posting Permissions