Issues with PHP 5.3 and sessions folder

PhpSession

Php Problem Overview

I recently upgraded to PHP 5.3 and since then I get (sporadic) error messages which indicate Apache (or may be the cleaner of the session files) has no permissions to the folder where the sessions are stored.
This happens randomly and can't be reproduced with exact steps, which led me to guess it is the session cleaner.
Any one has any experience with such errors?

The error message (which is fired on the session_start() line) is:

> ps_files_cleanup_dir: > opendir(/var/lib/php5) failed: > Permission denied.

ls -ltr on the session directory gives:

drwx-wx-wt  2 root          root          4096 2010-05-25 12:39 php5

Inside this directory I do see session files owned by www-data which is my Apache, and the app does work fine. Which makes me wonder, under which user does the session GC runs?

Php Solutions

Solution 1 - Php

The fix: In your php.ini set session.gc_probability to 0

The cause I believe I found the answer here http://somethingemporium.com/2007/06/obscure-error-with-php5-on-debian-ubuntu-session-phpini-garbage

Essentially, the garbage collection is set up to be done by cron jobs on some systems (i.e. Ubuntu/Debian). Some php ini executables like php-cli also try to do garbage collection and that results in the error you got.

Solution 2 - Php

This seems to be a typical error on Ubuntu servers (I'm using Lucid LTS). The default permissions of the /var/lib/php5 directory there are

drwx-wx-wt  2 root     root     4096 2011-11-04 02:09 php5

so it can be written but not read by the web server, I guess that explains the errors.

As Ubuntu has it's own garbage cleaning via cron (/etc/cron.d/php5), it's probably best to disable php's garbage collection as suggested above by Diwant Vaidya.

session.gc_probability = 0

There's actually a reason the session folder should not be world readable - as the PHP Manual says:

> If you leave this set to a world-readable directory, such as /tmp (the > default), other users on the server may be able to hijack sessions by > getting the list of files in that directory.

Solution 3 - Php

The solution I currently use (which I am not sure is the correct one) is to give ownership on the session folder to the Apache user (www-data in my case).

Solution 4 - Php

This issue has been bugging me for a while. I changed the value as suggested in php.ini and the issue kept occurring. I found the same config value in my index.php and also private/Zend/session.php. So it's worth looking a bit deeper if the issue keeps occurring. I hope this is useful for someone.

Categories
Recommended Php Solutions
Recommended Session Solutions

Previous Solution:

VB.NET equivalent for C# 'dynamic' with Option Strict On

C#vb.netDynamicOption Strict

Next Solution:

git merge different repositories?

GitGit Svn

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionItay Moav -MalimovkaView Question on Stackoverflow
Solution 1 - PhpDiwant VaidyaView Answer on Stackoverflow
Solution 2 - PhpMarie FischerView Answer on Stackoverflow
Solution 3 - PhpItay Moav -MalimovkaView Answer on Stackoverflow
Solution 4 - PhpChrisFNZView Answer on Stackoverflow