tags:

views:

1136

answers:

4
Q: 

Permissions to PHP session files

Hi

I have a domain domain.com and subdomain sub.domain.com Those two domains have different ftp users (user1, user2) belonging to the same group (usergroup) on linux environment. Finally I have the same PHP application that uses sessions on both domains (one is live and other is testing environment).

When I go to domain.com without going first to sub.domain.com, PHP session file is created in default folder /tmp/ with proper permissions 600 and user1:usergroup, when I access sub.domain.com without going first to domain.com, a file is created with permissions 600 and user2:usergroup.

All is great for all browsers but IE (please do not focus on this). What I found out is that when I access sub.domain.com and then try domain.com PHP tries to read the same session file but has no permissions and page is loading indefinitely. Changing ownership of the file to user1 makes domain.com work but prevents sub.domain.com from working.

How to make Apache or PHP create different files for sessions or make them accessible from both domains.

P.S. Like I said for some weird reason this happens only for IE and the error message from PHP is: Uncaught PHP Error: session_start() [function.session-start]: open(/tmp/sess_t1..., O_RDWR) failed: Permission denied (13) in file xxx.php on line 46 on line on line 46 is session_start();

Thank you for any advice in this.

+2  A: 

Not sure if this is the best approach for your problem but you could try having PHP save session files in different directory for each domain.

Take a look on session_save_path() documentation.

Keep in mind that you must set it BEFORE initializing the session.
Ideally, that should be one of the first things your script does.

Carlos Lima  2009-05-26 19:15:00
Thanks, this seems to be solving a problem.I've set up session.save_path for subdomain to a different directory.
6bytes  2009-05-26 20:01:40
hmmm, actually something else is happening now. When I enter the site for the first time the session file gets created in new directory but when I close the browser and try to access it again it freezes again :(
6bytes  2009-05-26 20:10:29
Are you confident that the (current) freezing is coming from the session_start() call and not something else?
Carlos Lima  2009-05-26 20:34:49
A: 

Are you sure that IE is triggering the issue?

The browser does not have any direct access to the session files, only the PHP (HTTPD) process has access to the session files.

I do not see why one browser should give different error messages in the PHP log versus another.

I think you may be dealing with two separate issues.

mr-euro  2009-05-26 19:43:25
I have Google Chrome, Firefox, Safari, Opera, IE7 and IE8 standalone. Everything works perfectly in all browsers except for both IE. I know browser should not have any impact on session files, thats why I'm so clueless here.
6bytes  2009-05-26 19:59:35
I understand your frustration but I still can not see how browsers can influence the status of the sessions in the backend.Something else is playing up.
mr-euro  2009-05-26 20:24:24
A solution for your problem of sharing sessions may be to simply chmod to 660 as you said they belong to same group, they should be allowed to read/write each other's session files.
mr-euro  2009-05-26 20:27:06
+1  A: 

One solution is to add this to the .htaccess file of each subdomain:

php_value session.save_path '/path/to/a/writeable/folder'

Then ensure that each subdomain has permission to write to its own folder.

PatrikAkerstrand  2009-05-26 19:59:02
+1 Carlos Lima gave a similar answer to you but I think your solution is much cleaner because I believe this to be an environment problem rather than a scripting problem.
Luke  2009-05-26 22:36:05
A: 

I just had this same problem. It appears to be a problem with the way Apache returns session data for IE7 and IE8, but most likely because IE7 and IE8 have an improper way of announcing the domain they're requesting session data for.

Here's my scenario:

Running Apache 1.3 with two domains, each has their own account with their own users:

Domain: mycompany.com 
Session path: /tmp/
Webserver user: mycompanycom

Domain: support.mycompany.com 
Session path: /tmp/
Webserver user: nobody

Here is what happens during a normal visit with Firefox/Safari/Chrome:

  1. I visit mycompany.com and session file is created in /tmp/ owned by the user mycompanycom.
  2. I then visit support.mycompany.com, and second session file is created in /tmp/ owned by user nobody.
  3. Apache doesn't get confused and the correct session files are returned

However, here's what happens during a visit with IE7 and IE8:

  1. I visit mycompany.com and session file is created in /tmp/ owned by the user mycompanycom.
  2. I then visit support.mycompany.com and, instead of creating second session file in /tmp/ owned by the user nobody, Apache tries to return the session file for mycompany.com.
  3. The session file for mycompany.com is owned by the user mycompanycom, so the web server, running as user nobody cannot access it. Permission is denied.

The solution was, as others have suggested, to create a separate directory in /tmp/ to separate the stored session data for support.mycompany.com:

mkdir /tmp/mycompany
chown nobody:nobody /tmp/mycompany

I then added the following to an .htaccess file in the root web directory for support.mycompany.com:

php_value session.save_path '/tmp/mycompany'

And finally, I removed any existing session data in /tmp/ to ensure the new session path would get used immediately:

rm -f /tmp/sess_*

And that's it! Now IE7 and IE8 work properly.

I'm fairly certain this problem has to do with how IE7 and IE8 request session data from Apache. They probably first request session data for mycompany.com and THEN request session data for support.mycompany.com, even though the latter was the only doman entered in the address bar.

Raam Dev  2009-12-22 16:28:33
Really good explanation of the problem. I solved it by detecting the domain in PHP and changing session_save_path() accordingly.
6bytes  2009-12-23 11:33:55

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases