Edit report at http://bugs.php.net/bug.php?id=25887&edit=1
ID: 25887 Updated by: [email protected] Reported by: john at scl dot co dot uk Summary: session.save_path should respect open_basedir -Status: Open +Status: Closed Type: Feature/Change Request -Package: Feature/Change Request +Package: *General Issues Operating System: linux PHP Version: 4.3.3 -Assigned To: +Assigned To: johannes Block user comment: N Private report: N New Comment: This is the case meanwhile Previous Comments: ------------------------------------------------------------------------ [2003-10-16 11:24:41] john at scl dot co dot uk Description: ------------ Surely either: session.save_path should respect open_basedir OR (but not so good) session.save_path should be a php_admin_value rather than just a php_value as at present. With proper configuration one can then prevent session hijacking. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/bug.php?id=25887&edit=1
