Page 1 of 1

Strange Session Permission Problem

Posted: Wed Mar 10, 2004 5:54 am
by aladdinsane
Hi,

I'm having a problem with sessions. I have included 2 code examples that display the problem I am having in the most simple way possible. These are not the actual files I am running but they give the exact same problem.

The first file test.php:

Code: Select all

<?php
session_start();
header("Location: testresult.cgi");
?>
The second file testresult.cgi

Code: Select all

#!/usr/bin/php
<?php
session_start();
echo "Hello it worked!";
?>
When I run the first file it redirects to the second and I get this error:

Warning: session_start(): open(/tmp/sess_c5ef8a7dca7d280681a5ad2411753c2a, O_RDWR) failed: Permission denied (13) in /home/friendsh/public_html/dev/testresult.cgi on line 3

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/friendsh/public_html/dev/testresult.cgi:3) in /home/friendsh/public_html/dev/testresult.cgi on line 3

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/friendsh/public_html/dev/testresult.cgi:3) in /home/friendsh/public_html/dev/testresult.cgi on line 3
Hello it worked!
Warning: Unknown(): open(/tmp/sess_c5ef8a7dca7d280681a5ad2411753c2a, O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0

But if I run the second file testresult.cgi directly I do not get this error at all and the file runs as it should. It seems to be a problem with the header location redirect.

Has anyone got any ideas how I can prevent this problem?

Cheers

Keith

Posted: Wed Mar 10, 2004 7:26 am
by aladdinsane
Hi,

A quick not on my previous post.

If I make the second file testresult.php and remove the line:

#!/usr/bin/php

It all works fine. I can't do this though because my script needs to be a cgi file run in this way to work. The problem seems to be related to session_start() in a CGI file after a redirect.

Cheers

Keith

Posted: Wed Mar 10, 2004 7:27 am
by markl999
Well the first file will create a session file owned by the user the webserver (apache etc) is running as. If you run the second one directly, then check the latest session file created in /tmp , who owns that one? Maybe the second one is created with diferent ownership/permissions than the first one due to the shebang ?

Posted: Wed Mar 10, 2004 7:30 am
by aladdinsane
Hi,

Thats a good point. The CGI script is set-up to run under cgi-wrap which I think means it is running as ME whereas the php script will be running as the server.

I cannot check the tmp folder as I am on a shared server and I assume that this folder is relative to the server root i.e. outside my webspace.

Do you think that if the server admin set-up the permissions on the /tmp folder to 777 it may cure my problem?

Cheers

Keith

Posted: Wed Mar 10, 2004 7:46 am
by markl999
The tmp folder should already be read/writeable for everyone, i thing the problem is the actual permissions on the session file itself. If you have shell access you can easily test as an 'ls -lart /tmp' should let you view the files. But yeah, it depends on how the server is set up specifically.

Posted: Wed Mar 10, 2004 7:51 am
by aladdinsane
Hi,

Yes from doing some tests on changing the session_save_path I can see this is the problem.

Would I be able to work around this by using a database to store the session info instead of files?

Cheers

Keith

Posted: Wed Mar 10, 2004 7:57 am
by markl999
Yeah, a custom session handler might be the best option. I tend to store sessions in a db by default anyway.

Posted: Thu Mar 11, 2004 6:25 am
by aladdinsane
Hi,

Thanks for your help Mark.

I went with the storing of the sessions in a database. I'm not at the level of writing my own session handling functions so I used:

PHP4 Session Handler using ADOdb

from here: http://php.weblogs.com/adodb-sessions

Now everything work perfectly!

May I ask what you use for DB session handling? Have you wrote your own functions or used a publicly available solution like me?

Thanks again

Keith