本地php.ini sessions.save_path问题 - 会话无法识别
I have a client who is running a user management script. The host provider had blocked allow_url_fopen but is using suPHP so we created a local copy of php.ini with allow_url_fopen set to "on".
The only problem now is that you can no longer login to using the script - it says 'success logging you in' - then logs you right out (because the sessions are either not getting created or are in the wrong place - excuse my lack server knowledge).
Here are the settings in the local php.ini
upload_tmp_dir = "/home/aspac124/public_html/tmp"
register_globals = On
memory_limit = 256M
session.save_path = "/home/aspac124/public_html/tmp"
safe_mode = off
upload_max_filesize = 32M
allow_url_fopen = On
zend_extension = "/usr/local/IonCube/ioncube_loader_lin_5.3.so"
I'm not sure why the hosting provider turned register_globals on for the client. But is that the correct place for the session.save_path? I've checked and the folder exists and I also set it to 777 just to make sure but no happiness.
Another client using the same system had a similar issue and told me he changed the tmp/ folder to his home directory and everything was fine.
I've tried to put the save path as just /tmp, /home/aspac124/tmp and nothing happens - just get logged out as normal. If I make up a path then I get a "No such file or directory" error.
When I put it as "/home/tmp" I get the following message
Warning: session_start() [function.session-start]: open(/home/tmp/sess_4417d180e599b5f12fc34a28f5467d21, O_RDWR) failed: Permission denied (13) in /home/aspac124/public_html/domainnamehere.com/includes/lightwork_session.php on line 45
What does this mean, is the home/tmp the correct place for this and if so what should I do - should the folder permissions be changed?
edit: I don't have access to folders outside the domain root so cannot change the file permissions - have to wait for the client but would like as much info before then.
Thanks in advance
EDIT: Just for anyone reading this. Please make sure your local php.ini file settings are applied to any sub folder that may require it. I was making ajax requests to a file in a sub folder to the root and this was the issue.
我有一个运行用户管理脚本的客户端。 主机提供程序已阻止allow_url_fopen但正在使用suPHP,因此我们创建了一个php.ini的本地副本,其allow_url_fopen设置为“on”。 p>
现在唯一的问题是您无法再登录 使用脚本 - 它说“成功登录你” - 然后将你记录下来(因为会话要么没有被创建或者在错误的地方 - 请原谅我缺乏服务器知识)。 p>
以下是本地php.ini中的设置 p>
upload_tmp_dir =“/ home / aspac124 / public_html / tmp”
register_globals = On
memory_limit = 256M
session。 save_path =“/ home / aspac124 / public_html / tmp”
safe_mode = off
upload_max_filesize = 32M
allow_url_fopen = On
zend_extension =“/ usr / local / I'Cube / ioncube_loader_lin_5.3.so”
n code>
我不确定托管服务提供商为什么要为客户端启用register_globals。 但这是session.save_path的正确位置吗? 我已经检查过,文件夹存在,我也把它设置为777只是为了确保但没有幸福。 p>
另一个使用相同系统的客户有一个类似的问题并告诉我他改变了 tmp /文件夹到他的主目录,一切都很好。 p>
我试图将保存路径设置为/ tmp,/ home / aspac124 / tmp,没有任何反应 - 只需记录 像往常一样。 如果我组成一个路径然后我得到一个“没有这样的文件或目录”错误。 p>
当我把它作为“/ home / tmp”我得到以下消息 p>
警告:session_start()[function.session-start]:open(/ home / tmp / sess_4417d180e599b5f12fc34a28f5467d21,O_RDWR)失败:/ home / aspac124 / public_html / domainnamehere中的权限被拒绝(13) .com / includes / lightwork_session.php第45行
code> pre>
这是什么意思,home / tmp是正确的地方,如果是这样,我应该怎么做 - 是否应该更改文件夹权限? p>
编辑:我无法访问域根目录外的文件夹,因此无法更改文件权限 - 必须等待客户端但是希望如 之前很多信息。 p>
提前致谢 p>
编辑:只为阅读此内容的任何人阅读。 请确保您的本地php.ini文件设置应用于可能需要它的任何子文件夹。 我正在向根目录下的子文件夹中的文件发出ajax请求,这就是问题所在。 p>
div>
You should place your session and upload directories outside of the document root otherwise these will be accessible by anyone and can result in remote script injection, session hijacking etc.
You should perhaps create a tmp directory as /home/aspac124/tmp and set the permissions so Apache can write to this directory. Perhaps set the chmod to 0760.