From d119a57899ca22326d8b64af7fdc6a76a90cb501 Mon Sep 17 00:00:00 2001 From: jim winstead Date: Tue, 23 Jan 2001 02:03:35 +0000 Subject: [PATCH] add warning about having a world-readable sessions.save_path git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@40013 c90b9560-bf6c-de11-be94-00142212c4b1 --- functions/session.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/functions/session.xml b/functions/session.xml index eedbccc4b3..1f5e9b9253 100644 --- a/functions/session.xml +++ b/functions/session.xml @@ -184,6 +184,14 @@ To continue, <A HREF="nextpage.php?<?=SID?>">click here</A> handler, this is the path where the files are created. Defaults to /tmp. + + + If you leave this set to a world-readable directory, such as + /tmp (the default), other users on the + server may be able to hijack sessions by getting the list of + files in that directory. + +
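Review bot: The added warning paragraph after "Defaults to /tmp." names the risk but gives the reader nothing to do about it, and it does not say why a directory listing is enough to hijack a session. Suggest adding one sentence explaining that the session file names contain the session IDs, and a second telling administrators to point the save path at a directory that only the user the web server runs as can read or list. Since "/tmp (the default)" is called out as unsafe, it is also worth stating plainly that the default should be changed on shared hosts rather than leaving that implied. The commit subject spells the setting "sessions.save_path"; check that the text of the warning and the surrounding entry use the directive's actual name consistently.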