From: john at scl dot co dot uk Operating system: linux PHP version: 4.3.3 PHP Bug Type: Feature/Change Request Bug description: session.save_path should respect open_basedir
Description: ------------ Surely either: session.save_path should respect open_basedir OR (but not so good) session.save_path should be a php_admin_value rather than just a php_value as at present. With proper configuration one can then prevent session hijacking. -- Edit bug report at http://bugs.php.net/?id=25887&edit=1 -- Try a CVS snapshot (php4): http://bugs.php.net/fix.php?id=25887&r=trysnapshot4 Try a CVS snapshot (php5): http://bugs.php.net/fix.php?id=25887&r=trysnapshot5 Fixed in CVS: http://bugs.php.net/fix.php?id=25887&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=25887&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=25887&r=needtrace Try newer version: http://bugs.php.net/fix.php?id=25887&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=25887&r=support Expected behavior: http://bugs.php.net/fix.php?id=25887&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=25887&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=25887&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=25887&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=25887&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=25887&r=dst IIS Stability: http://bugs.php.net/fix.php?id=25887&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=25887&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=25887&r=float