I’m trying to lock down Piwik, but I can’t get rid of “save_path is disabled, or is set to a common world-writable directory”.
In php.ini I have the following configured:
session.save_path = “/usr/share/nginx/sessions”
This is a folder readable by the www-data user, it is not inside the web folder (not accessible from the web). What is the recommended setting for getting a passing grade on the save_path test really?