#43819 [Opn->Fbk]: php loosing local session.save_path

jani Mon, 04 Feb 2008 16:26:14 -0800

 ID:               43819
 Updated by:       [EMAIL PROTECTED]
 Reported By:      fxbois at gmail dot com
-Status:           Open
+Status:           Feedback
 Bug Type:         Session related
 Operating System: RHEL3
 PHP Version:      5.2.5
 New Comment:


Are you by any chance using php_admin_value / php_value anywhere in
your  httpd.conf / .htaccess files? And if so, are you using those to
set different session.save_path?


Previous Comments:
------------------------------------------------------------------------

[2008-01-12 17:49:05] fxbois at gmail dot com

I have in my php.ini file the value :
session.save_path = "/tmp"

When I try to change this value in a php script with
session_save_path() 
the new value is not kept and the session.save_path still contains
"/tmp".

session_save_path("2;0777;web/tmp");
error_log(session_save_path()); 
// /tmp appears instead of 2;0777;web/tmp

What is strange is that this bad behaviour only appears a few minutes
after an apache restart.  

I tried many night build (5.2.6) with no success. I am sure that this
behaviour appeared with 5.2.5.

I can try patches if you want.

Hope this new comment will help. This bug is very very annoying on a
shared server.

tia

------------------------------------------------------------------------

[2008-01-11 14:14:01] fxbois at gmail dot com

Description:
------------
Hi,

I want to report that PHP 5.2.5 loose the local session.save_path. I
set it with session_save_path() but just after, when I look at its
value, it contains the master value instead of the value just setted.

This happens after a short period of time. (Just after restrating
apache  everything works fine).

It is a big security problem in my opinion.

System :
- Red Hat Enterprise Linux ES release 3 (Taroon Update 8)
- PHP 5.2.5
- Apache/2.0.46

Reproduce code:
---------------
// master value is /home/.tmp

$new = '2;0777;web/tmp';
session_save_path($new);
echo session_save_path();


Expected result:
----------------
2;0777;web/tmp

Actual result:
--------------
/home/.tmp


------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=43819&edit=1

#43819 [Opn->Fbk]: php loosing local session.save_path

Reply via email to