CMS Made Simple Forums

Content management as it is meant to be
https://forum.cmsmadesimple.org/

Session_save_path is writeable

https://forum.cmsmadesimple.org/viewtopic.php?t=74352

Page 2 of 2

Re: Session_save_path is writeable

Posted: Thu Mar 10, 2016 9:17 pm
by velden
Please wait for a minute, investigating something.

Re: Session_save_path is writeable

Posted: Thu Mar 10, 2016 9:42 pm
by velden
Okay, I don't know whether I'm right here, but theory:

http://php.net/manual/en/session.config ... .save-path
There is an optional N argument to this directive that determines the number of directory levels your session files will be spread around in. For example, setting to '5;/tmp' may end up creating a session file and location like /tmp/4/b/1/e/3/sess_4b1e384ad74619bd212e236e52a5a174If . In order to use N you must create all of these directories before use.
As you have this N argument: "2;/clfs/sessions" it is wel possible that only the leaf directories (2 levels deeper) have the proper permissions.

So maybe you could do one other test:

Code: Select all

<?php

   $path =  _get_session_save_path();
   $path = $path . '/0/0';
   echo $path.'<br/>';
   echo  "'$path' " .  ((is_dir($path))?'does':'does NOT' ) . ' exist <br>';
  echo  "'$path' " .  ((is_writable($path))?'is':'is NOT' ) . ' writable <br>';

   function _get_session_save_path()
    {
        $path = ini_get('session.save_path');
        if( ($pos = strpos($path,';')) !== FALSE) $path = substr($path,$pos+1);

        if( $path ) return $path;
    }
This code takes the session.save_path path, appends '/0/0' and then checks if that's an existing folder and if that folder is writable.

Re: Session_save_path is writeable

Posted: Fri Mar 11, 2016 2:43 am
by Jeff
$path . '/0/0';
This path won't exist because nothing created it. Even if PHP can write and create dir it is unknown and probably unlikely that they would be /0/0.

Re: Session_save_path is writeable

Posted: Fri Mar 11, 2016 8:06 am
by velden
Though I'm not a specialist regarding this stuff I did some research before posting:
In order to use N you must create all of these directories before use. A small shell script exists in ext/session to do this, it's called mod_files.sh, with a Windows version called mod_files.bat
Then I looked at a sample mod_files.sh and was pretty sure the '/0/0' folder should be there in advance.

Not 100% sure though, hence the tests.
All times are UTC
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited