Hello Florian!

But as we hardened our server, we set up our own php-fpm pool for phpMyAdmin and changed the save_path to /var/lib/phpmyadmin/tmp. It seems that this is a problem we created ourselves and we do need scripting on our end to clean these files ;)

As I was re-reading this, be sure to not use the same directory as the tmp directory of phpMyAdmin.
- It could get wiped out at any time
- Some phpMyAdmin code can access it and leak sessions

This will get better with phpMyAdmin 6.0, see: https://bugs.debian.org/bug=583588
Most probably I will try to process this bug report while packaging phpMyAdmin 6.0.

But be sure the directory is not in open_basedir; for security reasons that will be better.

At least this part of the bug report is actually valid ;)

Indeed

--
William
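
A cleanup script of the kind discussed above, as an added example that is not part of the original message or of the Debian package. The `sessions` directory name and the `clean_pma_sessions` function are hypothetical; the 24-minute age matches PHP's default `session.gc_maxlifetime` of 1440 seconds, and the pool's `open_basedir` value is assumed to be passed in by the caller.

```shell
#!/bin/sh
# Added example: purge expired PHP session files from a dedicated save_path.
# It refuses to run when the save_path is phpMyAdmin's tmp directory or lies
# inside open_basedir, the two conditions the message warns about.

clean_pma_sessions() {
    session_dir=$1    # session.save_path of the php-fpm pool
    pma_tmp_dir=$2    # phpMyAdmin tmp directory, must be a different path
    max_age_min=$3    # session lifetime in minutes (gc_maxlifetime / 60)
    open_basedir=$4   # colon-separated open_basedir of the pool, may be empty

    [ -d "$session_dir" ] || { echo "no such directory: $session_dir" >&2; return 2; }

    # Resolve both paths so symlinks or trailing slashes cannot hide a clash.
    real_sess=$(cd "$session_dir" && pwd -P) || return 2
    if [ -d "$pma_tmp_dir" ]; then
        real_tmp=$(cd "$pma_tmp_dir" && pwd -P) || return 2
        if [ "$real_sess" = "$real_tmp" ]; then
            echo "refusing: save_path is the phpMyAdmin tmp directory" >&2
            return 3
        fi
    fi

    # Treat each open_basedir entry as a directory and look for containment.
    clash=
    old_ifs=$IFS; IFS=:
    for entry in $open_basedir; do
        [ -n "$entry" ] || continue
        case "$real_sess/" in "${entry%/}"/*) clash=$entry ;; esac
    done
    IFS=$old_ifs
    if [ -n "$clash" ]; then
        echo "refusing: save_path is reachable through open_basedir ($clash)" >&2
        return 4
    fi

    # Delete only top-level regular files named sess_* (the name PHP's files
    # session handler uses) that are older than the session lifetime.
    find "$real_sess" -maxdepth 1 -type f -name 'sess_*' \
        -mmin "+$max_age_min" -exec rm -f -- {} +
}

# Example call from a cron job running as the pool's user (constructed paths):
# clean_pma_sessions /var/lib/phpmyadmin/sessions /var/lib/phpmyadmin/tmp 24 \
#     "/usr/share/phpmyadmin:/var/lib/phpmyadmin/tmp"
```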
