diff -up CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix CherryPy-2.2.1/cherrypy/filters/sessionfilter.py
--- CherryPy-2.2.1/cherrypy/filters/sessionfilter.py.sessionfix 2008-01-06 08:54:39.000000000 -0800
+++ CherryPy-2.2.1/cherrypy/filters/sessionfilter.py 2008-01-06 08:55:31.000000000 -0800
@@ -326,6 +326,8 @@ class FileStorage:
raise SessionStoragePathNotConfiguredError()
fileName = self.SESSION_PREFIX + id
file_path = os.path.join(storage_path, fileName)
+ if not os.path.normpath(filePath).startswith(storagePath):
+ raise cherrypy.HTTPError(400, "Invalid session id in cookie.")
return file_path
def _lock_file(self, path):
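Review bot: The two added lines reference `filePath` and `storagePath`, but the surrounding code (and the `return` that follows) uses `file_path` and `storage_path`, so the new check raises `NameError` on every call instead of validating the session id. Even with the names fixed, a bare `startswith(storage_path)` is a weak containment test: it accepts any sibling path that merely shares the directory name as a string prefix, and it compares against an un-normalized `storage_path`. A tighter form is `root = os.path.normpath(storage_path)` followed by `if not os.path.normpath(file_path).startswith(root + os.sep):` and then the existing `raise cherrypy.HTTPError(400, "Invalid session id in cookie.")`. The enclosing method starts before this hunk, so the origin of `storage_path` and `id` is not visible here; if `id` can also contain the separator-free forms the check is meant to reject, a simple character allow-list on `id` at its point of extraction would be a cheaper and clearer defense than path comparison.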