I've been banging my head for hours for this strange issue. My Magento shows me the error:

Exception #0 (Exception): Warning: ini_set() has been disabled for security reasons 
/path/to/vendor/magento/framework/Session/SessionManager.php 
on line 598

Here's what line 598 looks like:

598: $result = ini_set('session.use_only_cookies', '1');

Here comes the strange part. When I add following just above this line 598:

597: echo ini_get('disable_functions');die;
598: $result = ini_set('session.use_only_cookies', '1');

I get this:

passthru,shell_exec,system

There's no ini_set in this list of disabled functions, yet somehow Magento manages to consider it blocked for "Security Reasons"...

I have checked all possible PHP configurations on the server. ini_set() is NOT blocked anywhere. This is giving me a tough time.

What's going on?

Edit 1

I created a test script, outside Magento with the following:

var_dump(ini_set('display_errors', 'Off'));
var_dump(ini_get('display_errors') );

Here's what I get whatever ini value I set...

NULL string(0) ""

CodePudding user response：

Your hosting provider has enabled some kind of security measures beyond those built into PHP.

My first guess was the delightfully named Snuffleupagus. Among many other things, it features comprehensive control of ini settings and the ability to block function calls in a very granular way. On the other hand, I don't see anything in there about disabling phpinfo(), which you said didn't display anything; and your error message suggests the function was converted to a no-op with a Warning, rather than an error. (Which Magento then promoted to an exception.)

Either way, there's very likely nothing you can do about it, other than contact your hosting provider.