Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Issues with PHP 5.3 and sessions folder

Tags:

php

session

I recently upgraded to PHP 5.3 and since then I get (sporadic) error messages which indicate Apache (or may be the cleaner of the session files) has no permissions to the folder where the sessions are stored.
This happens randomly and can't be reproduced with exact steps, which led me to guess it is the session cleaner.
Any one has any experience with such errors?

The error message (which is fired on the session_start() line) is:

ps_files_cleanup_dir: opendir(/var/lib/php5) failed: Permission denied.

ls -ltr on the session directory gives:

drwx-wx-wt  2 root          root          4096 2010-05-25 12:39 php5

Inside this directory I do see session files owned by www-data which is my Apache, and the app does work fine. Which makes me wonder, under which user does the session GC runs?

like image 587
Itay Moav -Malimovka Avatar asked May 25 '10 13:05

Itay Moav -Malimovka

2 Answers

The fix: In your php.ini set session.gc_probability to 0

The cause I believe I found the answer here http://somethingemporium.com/2007/06/obscure-error-with-php5-on-debian-ubuntu-session-phpini-garbage

Essentially, the garbage collection is set up to be done by cron jobs on some systems (i.e. Ubuntu/Debian). Some php ini executables like php-cli also try to do garbage collection and that results in the error you got.

like image 182
Diwant Vaidya Avatar answered Oct 31 '22 03:10

Diwant Vaidya

This seems to be a typical error on Ubuntu servers (I'm using Lucid LTS). The default permissions of the /var/lib/php5 directory there are 

drwx-wx-wt  2 root     root     4096 2011-11-04 02:09 php5

so it can be written but not read by the web server, I guess that explains the errors.

As Ubuntu has it's own garbage cleaning via cron (/etc/cron.d/php5), it's probably best to disable php's garbage collection as suggested above by Diwant Vaidya.

session.gc_probability = 0

There's actually a reason the session folder should not be world readable - as the PHP Manual says:

If you leave this set to a world-readable directory, such as /tmp (the default), other users on the server may be able to hijack sessions by getting the list of files in that directory.

like image 28
Marie Fischer Avatar answered Oct 31 '22 03:10

Marie Fischer
Sign in to Comment

Related questions

Java equivalent of PHP's implode(',' , array_filter( array () ))
How to check which PHP extensions have been enabled/disabled in Ubuntu Linux 12.04 LTS?
Optimizing Kohana-based Websites for Speed and Scalability
What is the best way to upload and store pictures on the site?
Extension gd is missing from your system - laravel composer Update
Composer throws [ReflectionException] Class Fxp\Composer\AssetPlugin\Repository\NpmRepository does not exist
Is there a simple PHP development server? [closed]
What is the best way to read last lines (i.e. "tail") from a file using PHP?
Convert time in HH:MM:SS format to seconds only?
php: check if an array has duplicates
How can one run multiple versions of PHP 5.x on a development LAMP server?
Command Line Password Prompt in PHP
How to create and use nonces
Does PHP have an equivalent to Python's list comprehension syntax?
Error message "Strict standards: Only variables should be passed by reference"
PHP curly brace syntax for member variable
Use keyword in functions - PHP [duplicate]
Global or Singleton for database connection?
When to use Redis instead of MySQL for PHP applications?
How To Run PHP From Windows Command Line in WAMPServer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!