Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Sessions Problem since CGI upgrade
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Everything else
- :
- Sessions Problem since CGI upgrade
- « Previous
-
- 1
- 2
- Next »
Re: Sessions Problem since CGI upgrade
04-04-2010 2:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thanks to Tonyr and Skysurfer for there help in sorting the SESSION path out.
All I need to do now is get the security images working which will not pass the alpha/numeric string over.
Does anyone know as I don't want to remove the security images as the SPAMMERS come through thick and fast with their obscence emails.
My site is www.netman.plus.com
Many thanks in advance
Netman
All I need to do now is get the security images working which will not pass the alpha/numeric string over.
Does anyone know as I don't want to remove the security images as the SPAMMERS come through thick and fast with their obscence emails.
My site is www.netman.plus.com
Many thanks in advance
Netman
Message 16 of 20
(348 Views)
Re: Sessions Problem since CGI upgrade
04-04-2010 3:44 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Short note on methods for setting session.save_path
As you'll have gathered, there's a couple of places you can set the session.save_path: in a custom php.ini or at runtime using ini_set().
If you also want/need to set directives that can't be set at runtime (like register_globals), then php.ini is the way to go; otherwise it's either.
To use the runtime method, you need to edit all .php files that use sessions (unless you already include something else at the top of each page). To use the php.ini method, you need to place a custom php.ini file in each folder where you have .php files or <a href="http://community.plus.net/forum/index.php/topic,84267.msg696736.html#msg696736">a symlink to a single custom php.ini</a>, or use <a href="http://community.plus.net/forum/index.php/topic,84267.msg697776.html#msg697776">a wrapper method</a>.
Short recap for historians: On the test version of this platform, the session.save_path was set to the Debian default of /var/lib/php5, but it was not shared and those of us who were testing it failed to notice, partly because there was another sharing snafu which masked it and partly because some of us had already set our own session.save_path. When the platform went live, the problem was soon <a href="http://community.plus.net/forum/index.php/topic,84409.msg696784.html">picked up and as a quick fix Plusnet switched the session.save_path to /tmp</a>, which is shared but problematic. Previously, I'd posted <a href="http://community.plus.net/forum/index.php/topic,83568.msg696223.html#msg696223">a custom php.ini</a> to help with particular problems and it eventually occurred to me that if anyone was using this with sessions but without changing the session.save_path to /tmp or their own folder, it would cause problems. Of course, as soon as I posted that, <a href="http://community.plus.net/forum/index.php/topic,84544.msg698512.html#msg698512">the /tmp became unuseable</a> ::). With any luck this will get fixed soon, but for security the recommendation would be to set your own session.save_path any way.
It might be worth mentioning that with PHP 5, sessions can be stored using SQLite - not everyone's cup of tea, but can be useful.
Gabe
As you'll have gathered, there's a couple of places you can set the session.save_path: in a custom php.ini or at runtime using ini_set().
If you also want/need to set directives that can't be set at runtime (like register_globals), then php.ini is the way to go; otherwise it's either.
To use the runtime method, you need to edit all .php files that use sessions (unless you already include something else at the top of each page). To use the php.ini method, you need to place a custom php.ini file in each folder where you have .php files or <a href="http://community.plus.net/forum/index.php/topic,84267.msg696736.html#msg696736">a symlink to a single custom php.ini</a>, or use <a href="http://community.plus.net/forum/index.php/topic,84267.msg697776.html#msg697776">a wrapper method</a>.
Short recap for historians: On the test version of this platform, the session.save_path was set to the Debian default of /var/lib/php5, but it was not shared and those of us who were testing it failed to notice, partly because there was another sharing snafu which masked it and partly because some of us had already set our own session.save_path. When the platform went live, the problem was soon <a href="http://community.plus.net/forum/index.php/topic,84409.msg696784.html">picked up and as a quick fix Plusnet switched the session.save_path to /tmp</a>, which is shared but problematic. Previously, I'd posted <a href="http://community.plus.net/forum/index.php/topic,83568.msg696223.html#msg696223">a custom php.ini</a> to help with particular problems and it eventually occurred to me that if anyone was using this with sessions but without changing the session.save_path to /tmp or their own folder, it would cause problems. Of course, as soon as I posted that, <a href="http://community.plus.net/forum/index.php/topic,84544.msg698512.html#msg698512">the /tmp became unuseable</a> ::). With any luck this will get fixed soon, but for security the recommendation would be to set your own session.save_path any way.
It might be worth mentioning that with PHP 5, sessions can be stored using SQLite - not everyone's cup of tea, but can be useful.
Gabe
Message 17 of 20
(348 Views)
Re: Sessions Problem since CGI upgrade
04-04-2010 3:46 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi Netman,
Glad you were able to fix the sessions problem. Can you give more detail on your security_picture problem? Does your form return what you expect from the code input?
Gabe
Glad you were able to fix the sessions problem. Can you give more detail on your security_picture problem? Does your form return what you expect from the code input?
Gabe
Message 18 of 20
(348 Views)
Re: Sessions Problem since CGI upgrade
15-04-2010 6:32 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It's a good thing there are some clued up members out there and thanks to those who have donated their time to help fellow paying customers of a commercial company.
The clerks who answer the tickets (can't bring myself to call any of it support) clearly don't know who has been fiddling with what.
Imagine if your electricity supplier halved the voltage and then told you it wasn't their responsibility and that you had to go and ask someone else who'd had the same problem created for them and that the answer was to buy new appliances.
Here's a useful link that anyone at PN might like to have a look at: http://en.wikipedia.org/wiki/Customer. Within the page there's a link to customer service but you need to be a bit more mature before you look at that - you have to be able to walk before you can run.
The clerks who answer the tickets (can't bring myself to call any of it support) clearly don't know who has been fiddling with what.
Imagine if your electricity supplier halved the voltage and then told you it wasn't their responsibility and that you had to go and ask someone else who'd had the same problem created for them and that the answer was to buy new appliances.
Here's a useful link that anyone at PN might like to have a look at: http://en.wikipedia.org/wiki/Customer. Within the page there's a link to customer service but you need to be a bit more mature before you look at that - you have to be able to walk before you can run.
Message 19 of 20
(348 Views)
Re: Sessions Problem since CGI upgrade
15-04-2010 8:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Thank you SO much for this advice... I have no knowledge about PHP whatsoever (microsoft background... sorry for swearing...) but have managed to get my CMSMS installation back on course again with these tips....
Message 20 of 20
(348 Views)
- « Previous
-
- 1
- 2
- Next »
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Everything else
- :
- Sessions Problem since CGI upgrade