New ccgi site - session save path?

stuartp
Grafter
Posts: 54
Registered: ‎06-08-2007

Hi,
Is the "session.save_path" really /var/lib/php5 as stated in PHPInfo? Shouldn't it be somewhere like /tmp? I know it can be redirected by a local php.ini but I've never had an issue before the upgrade.

Stuart
5 REPLIES 5
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: New ccgi site - session save path?

That's a good point, looks like we missed that one. We'll look into it.
Gabe
Grafter
Posts: 767
Registered: ‎29-10-2008

Re: New ccgi site - session save path?

Quote from: stuartp
Is the "session.save_path" really /var/lib/php5 as stated in PHPInfo?

That's standard for Debian. It should have slightly odd permissions to guard against fishing, but "should" work.
Gabe
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: New ccgi site - session save path?

It would be fine on a single box, but as there are four cgi servers behind a load balancer you would get unexpected results using that on our platform. /tmp is shared across all the boxes so that's a much better place for it.
Gabe
Grafter
Posts: 767
Registered: ‎29-10-2008

Re: New ccgi site - session save path?

Quote from: Ben
It would be fine on a single box

It would be fine if it was shared, but if it isn't then that explains it. Sessions now world readable in tmp. Hey ho.
Gabe
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: New ccgi site - session save path?

They shouldn't be world readable, they will be group readable, which is similar on this platform as everyone's in the same group. I'd recommend people set it specifically, but having it in /tmp will work. Platforms with so many different users on are always challenging to lock down without killing too much functionality.
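
Added example, not part of any post in this thread: one way to set up a private session directory and check a `session.save_path` for session files that other accounts on a shared platform can list or read. The function names, the temporary paths and the sample session contents are constructed for illustration; `sess_` is the file name prefix of PHP's default file-based session handler.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PHP session.save_path.
# sess_* is the file name prefix of PHP's default "files" session handler.

# make_private_session_dir DIR   (hypothetical helper)
# Create a per-account session directory only its owner can enter or list.
# Point PHP at it from a local php.ini:  session.save_path = "DIR"
make_private_session_dir() {
    mkdir -p "$1" && chmod 700 "$1"
}

# audit_session_dir DIR   (hypothetical helper)
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if DIR is missing.
# LISTABLE: group or other can read the directory, so session IDs can be listed.
# READABLE: group or other can read a session file, so session data is exposed.
audit_session_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    findings=$(
        find "$dir" -prune \( -perm -040 -o -perm -004 \) -exec echo LISTABLE {} \;
        find "$dir" -type f -name 'sess_*' \( -perm -040 -o -perm -004 \) \
            -exec echo READABLE {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: a /tmp-style shared directory versus a private one.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/shared" && chmod 1777 "$base/shared"
    echo 'user|s:5:"alice";' > "$base/shared/sess_constructed1"
    chmod 640 "$base/shared/sess_constructed1"   # group readable
    make_private_session_dir "$base/private"
    echo 'user|s:5:"alice";' > "$base/private/sess_constructed2"
    chmod 600 "$base/private/sess_constructed2"  # owner only
    echo "== shared";  audit_session_dir "$base/shared" || true
    echo "== private"; audit_session_dir "$base/private" && echo "clean"
    rm -rf "$base"
}
demo
```

On a platform where every account is in the same group, a `READABLE` finding caused by the group bit is as exposed as one caused by the world bit.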