From: spam2 at rhsoft dot net Operating system: Linux PHP version: 5CVS-2007-07-23 (snap) PHP Bug Type: Session related Bug description: Why have the session folder in open_basedir
Description: ------------ The Session-Save-Dir MUST NOT be in open_basedir because scripts must not read session files for security! And a failed session_start() have not to be fatal error too Warning: session_start() [function.session-start.php]: open_basedir restriction in effect. File(/var/www/sessiondata) is not within the allowed path(s): (/mnt/data/www/www.rhsoft.net:/mnt/data/www/phpincludes:/usr/share/pear:/var/www/uploadtemp) in /mnt/data/www/www.rhsoft.net/test.php on line 2 Fatal error: session_start() [<a href='http://at.php.net/manual/de/function.session-start.php'>function.session-start.php</a>]: Failed to initialize storage module: files (path: /var/www/sessiondata) in /mnt/data/www/www.rhsoft.net/test.php on line 2 Reproduce code: --------------- <?php session_start(); ?> Expected result: ---------------- A started session Actual result: -------------- A killed script -- Edit bug report at http://bugs.php.net/?id=42077&edit=1 -- Try a CVS snapshot (PHP 4.4): http://bugs.php.net/fix.php?id=42077&r=trysnapshot44 Try a CVS snapshot (PHP 5.2): http://bugs.php.net/fix.php?id=42077&r=trysnapshot52 Try a CVS snapshot (PHP 6.0): http://bugs.php.net/fix.php?id=42077&r=trysnapshot60 Fixed in CVS: http://bugs.php.net/fix.php?id=42077&r=fixedcvs Fixed in release: http://bugs.php.net/fix.php?id=42077&r=alreadyfixed Need backtrace: http://bugs.php.net/fix.php?id=42077&r=needtrace Need Reproduce Script: http://bugs.php.net/fix.php?id=42077&r=needscript Try newer version: http://bugs.php.net/fix.php?id=42077&r=oldversion Not developer issue: http://bugs.php.net/fix.php?id=42077&r=support Expected behavior: http://bugs.php.net/fix.php?id=42077&r=notwrong Not enough info: http://bugs.php.net/fix.php?id=42077&r=notenoughinfo Submitted twice: http://bugs.php.net/fix.php?id=42077&r=submittedtwice register_globals: http://bugs.php.net/fix.php?id=42077&r=globals PHP 3 support discontinued: http://bugs.php.net/fix.php?id=42077&r=php3 Daylight Savings: http://bugs.php.net/fix.php?id=42077&r=dst IIS Stability: http://bugs.php.net/fix.php?id=42077&r=isapi Install GNU Sed: http://bugs.php.net/fix.php?id=42077&r=gnused Floating point limitations: http://bugs.php.net/fix.php?id=42077&r=float No Zend Extensions: http://bugs.php.net/fix.php?id=42077&r=nozend MySQL Configuration Error: http://bugs.php.net/fix.php?id=42077&r=mysqlcfg
