Magento2设置会破坏会话并注销

So I installed Magento 2.0.5 CE on a nginx machine. All went smoothly. I am now able to log in to admin panel and browse around.

But as soon as i visit http://example.com/setup it redirects me to ../setup/index.php/session/unlogin, displaying the message "Access denied." and destroys the current session, forcing me to re-login to admin panel. Even after clearing all cache, restarting nginx and repeating above steps, same happens. Kinda stuck here now..

2016/04/29 06:41:47 [error] 4808#0: *188 FastCGI sent in stderr: "Access to the script '/var/www/magento/setup/index.php/session/unlogin' has been denied (see security.limit_extensions)" while reading response header from upstream, client: *.*.*.246, server: example.com, request: "GET /setup/index.php/session/unlogin HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.example.com"
2016/04/29 06:41:48 [error] 4808#0: *188 FastCGI sent in stderr: "Access to the script '/var/www/magento/setup/index.php/session/unlogin' has been denied (see security.limit_extensions)" while reading response header from upstream, client: *.*.*.246, server: example.com, request: "GET /setup/index.php/session/unlogin HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "www.example.com"

Tried changing /etc/php5/fpm/pool.d/www.conf from

; security.limit_extensions = .php .php3 .php4 .php5

to

security.limit_extensions = .php .php3 .php4 .php5

No luck :(

HELP!

Changing

cgi.fix_pathinfo=0

to

cgi.fix_pathinfo=1

inside php.ini solved the issue. However I will avoid using this option and wait if anyone has a more secure solution.