CakePHP ini_set on Shared Host

Question

I'm on a shared host and ini_set function is disabled for security reasons. I'm trying to deploy CakePHP 2.4.1 on this host. Fresh cake installation results in a blank page, with no errors shown, instead if I comment these lines:

\lib\Cake\Model\Datasource\CakeSession.php

if (empty($_SESSION)) {
            if (!empty($sessionConfig['ini']) && is_array($sessionConfig['ini'])) {
                foreach ($sessionConfig['ini'] as $setting => $value) {
                    if (ini_set($setting, $value) === false) {
                        throw new CakeSessionException(__d('cake_dev', 'Unable to configure the session, setting %s failed.', $setting));
                    }
                }
            }
        }

Everything seems to works fine. Now, I'm asking what is the downside of keeping that snippets commented (in other word, what is that code responsible for)?

Answer 1

As the exception message, the method name and the rest of the code indicates, it configures the session settings, session name, cookie lifetime, save handler, etc...

Your code may run fine, and you should be able to use the PHP session_*() functions instead to configure the settings (the best place for that would probably your bootstrap.php). Also writing a dummy value into $_SESSION seems to prevent the CakeSession::_configureSession() to use ini_set(), so you don't have to modify it.

So this might work, but it shouldn't be necessary to jump through such hoops. There's no need to disable ini_set() in a properly set up shared hosting environment, and personally I'd change the hoster in case they are unable to change this behaviour.