Location for session files in Apache/PHP
The default session.save_path
is set to ""
which will evaluate to your system's temp directory. See this comment at https://bugs.php.net/bug.php?id=26757 stating:
The new default for save_path in upcoming releaess (sic) will be the empty string, which causes the temporary directory to be probed.
You can use sys_get_temp_dir
to return the directory path used for temporary files
To find the current session save path, you can use
session_save_path()
— Get and/or set the current session save path
Refer to this answer to find out what the temp path is when this function returns an empty string.
Can you help me locate PHP session files?
session_save_path() - they have no extension, they are long string UID named files.
How to get my session to write to apache
Try changing your session save path in your php config file, /tmp is a good location.
php.ini
session.save_path = /tmp
http://www.php.net/manual/en/session.configuration.php#ini.session.save-path
cleanup php session files
To handle session properly, take a look at http://php.net/manual/en/session.configuration.php.
There you'll find these variables:
- session.gc_probability
- session.gc_divisor
- session.gc_maxlifetime
These control the garbage collector (GC) probability of running with each page request.
You could set those with ini_set() at the beginning of your script or .htaccess file so you get certainty to some extent they will get deleted sometime.
Handle lots of session files with apache2 and php
Sometimes the solution is easier than it might appear at first. Somehow I thought the PHP has to handle and manage the apache requests to the sessions directory tree. However the Apache does it on its own once the session:save_path has been changed.
1.) call this (modified) script ( http://snipplr.com/view/27710/modfilessh-php/ ) once via ssh:
*sh path/to/script/mod_files.sh path/to/sessions depth* (in my case: "mod_files.sh /tmp/sessions 1"
2.) doublecheck chown rights of new sessions directory tree
3.) change "session.save_path" to "1;/tmp/sessions"
Thanks for your help nevertheless!
Permissions to PHP session files
I just had this same problem. It appears to be a problem with the way Apache returns session data for IE7 and IE8, but most likely because IE7 and IE8 have an improper way of announcing the domain they're requesting session data for.
Here's my scenario:
Running Apache 1.3 with two domains, each has their own account with their own users:
Domain: mycompany.com
Session path: /tmp/
Webserver user: mycompanycom
Domain: support.mycompany.com
Session path: /tmp/
Webserver user: nobody
Here is what happens during a normal visit with Firefox/Safari/Chrome:
- I visit mycompany.com and session file is created in
/tmp/
owned by the usermycompanycom
. - I then visit support.mycompany.com, and second session file is created in
/tmp/
owned by usernobody
. - Apache doesn't get confused and the correct session files are returned
However, here's what happens during a visit with IE7 and IE8:
- I visit mycompany.com and session file is created in
/tmp/
owned by the usermycompanycom
. - I then visit support.mycompany.com and, instead of creating second session file in
/tmp/
owned by the usernobody
, Apache tries to return the session file for mycompany.com. - The session file for mycompany.com is owned by the user
mycompanycom
, so the web server, running as usernobody
cannot access it. Permission is denied.
The solution was, as others have suggested, to create a separate directory in /tmp/
to separate the stored session data for support.mycompany.com:
mkdir /tmp/mycompany
chown nobody:nobody /tmp/mycompany
I then added the following to an .htaccess
file in the root web directory for support.mycompany.com:
php_value session.save_path '/tmp/mycompany'
And finally, I removed any existing session data in /tmp/
to ensure the new session path would get used immediately:
rm -f /tmp/sess_*
And that's it! Now IE7 and IE8 work properly.
I'm fairly certain this problem has to do with how IE7 and IE8 request session data from Apache. They probably first request session data for mycompany.com and THEN request session data for support.mycompany.com, even though the latter was the only doman entered in the address bar.
Related Topics
Laravel Eloquent: Accessing Properties and Dynamic Table Names
What Rss Parser Should I Use in PHP
Send Email with a Template Using PHP
Check If String Is Just White Space
Best Way to Document Array Options in PHPdoc
Is It Important to Verify That the Uploaded File Is an Actual Image File
How to Load a PHP File into a Variable
PHP How to Go One Level Up on Dirname(_File_)
Group MySQL Results by Category and Display Them into Groups Under Each Category
Scrape Web Site Generated by JavaScript
Array Merge on Multidimensional Array
Stemming Algorithm That Produces Real Words
How to Get a Service from the Container Directly, If I Didn'T/Couldn't Inject the Service Using Di
Symfony Redirect with 2 Parameters
PHP Filter_Validate_Email Does Not Work Correctly
Shuffles Random Numbers with No Repetition in JavaScript/Php