Bug#474557: phpmyadmin: overriding session names could break up hashing session files to directories

Sun, 06 Apr 2008 07:16:54 -0700 

Package: phpmyadmin
Version: 4:2.9.1.1-6
Severity: normal


Hello.

Enabling hashing session files to directories[1] with default php
configuration requires creating a directory hierarchy[2] for them.

Phpmyadmin enforces different session names[3] than configured by
sysadmin, but does use default directory and hashing depth. So if
sysadmin creates hierarchy for his session naming scheme, phpmyadmin
will fail creating (some) of the session files because no directories
[G-Zg-z] (and maybe more?) exist in the directory tree.

IMO phpmyadmin should honor session settings in the main php.ini or
allow this behaviour to be configured by debconf (along with its own
session directory).

[1] accomplished by setting session.save_path="2;/var/lib/php5" in
        /etc/php5/apache2/php.ini
  - session name: sess_a1765f9b22bc2e2c2b672f4ab34a3199
  - is stored as /var/lib/php5/a/1/sess_a1765f9b22bc2e2c2b672f4ab34a3199
[2] with default php setting sessions are hashed to hex-digit
        directories (session.hash_bits_per_character = 4)
[3] /usr/share/phpmyadmin/libraries/session.inc.php:66

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable'), (199, 'testing')
Architecture: i386 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-xen-amd64
Locale: LANG=en, LC_CTYPE=en (charmap=UTF-8) (ignored: LC_ALL set to 
en_US.UTF-8)

Versions of packages phpmyadmin depends on:
ii  debconf [debconf-2.0]    1.5.11etch1     Debian configuration management sy
ii  libapache-mod-php4       6:4.4.4-8+etch4 server-side, HTML-embedded scripti
ii  libapache2-mod-php5      5.2.0-8+etch10  server-side, HTML-embedded scripti
ii  perl                     5.8.8-7etch1    Larry Wall's Practical Extraction 
ii  php4                     6:4.4.4-8+etch4 server-side, HTML-embedded scripti
ii  php4-cgi                 6:4.4.4-8+etch4 server-side, HTML-embedded scripti
ii  php4-mysql               6:4.4.4-8+etch4 MySQL module for php4
ii  php5-cgi                 5.2.0-8+etch10  server-side, HTML-embedded scripti
ii  php5-mysql               5.2.0-8+etch10  MySQL module for php5
ii  ucf                      2.0020          Update Configuration File: preserv

Versions of packages phpmyadmin recommends:
ii  apache2                  2.2.3-4+etch4   Next generation, scalable, extenda
ii  apache2-mpm-prefork [htt 2.2.3-4+etch4   Traditional model for Apache HTTPD
ii  php4-gd                  6:4.4.4-8+etch4 GD module for php4
ii  php5-gd                  5.2.0-8+etch10  GD module for php5
ii  php5-mcrypt              5.2.0-8+etch10  MCrypt module for php5

-- debconf-show failed (but root didn't)
  phpmyadmin/setup-password: (password omitted)
  phpmyadmin/setup-username: admin
* phpmyadmin/reconfigure-webserver:
  phpmyadmin/restart-webserver: false



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to