Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home Uncategorized How to Fix PHP Session Errors while Respecting Security with Correct Permissions
How to Fix PHP Session Errors while Respecting Security with Correct Permissions

Cloud Insidr 2015-11-25 2 Comments

How to Fix PHP Session Errors while Respecting Security with Correct Permissions

Have you ever seen one of these weird redirects? WordPress, for example, may refuse to show the log-in page, leaving you out of its admin interface for good. Here is what to do about it.

The log file may hold the secret to the weird behaviour:

tail /var/log/nginx/error.log

You might see something like this:

2015/11/18 18:23:51 [error] 16852#16852: *18847 FastCGI sent in stderr: "PHP message: PHP Warning: session_start(): open(/var/lib/php/session/sess_hk123na6l228eui7odqub6rghej6, O_RDWR) failed: No such file or directory (2) in /mnt/www/www.yourdomain.com/somefolder/somepath/watever-legit-script-is-trying-to-read-sessions.php on line 715" while reading response header from upstream, client: XXX.XXX.XXX.XXX, server: www.yourserver.com, request: "GET /content/? HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.sockets/www.yourserver.com.sock:", host: "www.yourserver.com", referrer: "https://auth.somereferrer.com/whatever"

or something like this:

2015/11/18 18:23:51 [error] 16852#16852: *18847 FastCGI sent in stderr: "PHP message: PHP Warning: Unknown: open(/var/lib/php/session/sess_hk123na6l228eui7odqub6rghej6, O_RDWR) failed: No such file or directory (2) in Unknown on line 0
PHP message: PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0" while reading upstream, client: XXX.XXX.XXX.XXX, server: www.yourserver.com, request: "GET /content/? HTTP/1.1", upstream: "

These errors occur because PHP has no way of saving sessions on disk. Correcting permissions should fix the problem, but the trick is not to overdo it. Incorrect permissions on session files can open a can of worms to session hijacking.

The location of the PHP session path can be found in /etc/php.ini under session.save_path. The default path is

/var/lib/php/session

If this directory does not exist (even though it should exist precisely in this path), create it, then change permissions on it:

chown -R nginx:nginx /var/lib/php/session
chmod -Rf 700 /var/lib/php/session

This assumes that you are running NGINX as the user nginx. (Be careful to change access privileges correctly–this always means: restrictively–in order not to facilitate session hijacking!).

Restart php-fpm and you should be good to go.

Filed Under: Uncategorized, web servers in the cloud Tagged With: error, Linux, log, NGINX, permissions, PHP, php-fpm, session, session hijacking

Comments

  1. insidr says

    2016-02-27 at 2:07 pm

    Thank you! We are very happy we could help. You are welcome to come back any time and please feel free to post your questions–and your success stories–in the comments:-)

    Reply

Trackbacks

  1. How to Install PHP 7 on CentOS 7 (Red Hat/Fedora family) | cloudinsidr says:
    2015-12-17 at 9:05 pm

    […] How to Fix PHP Session Errors while Respecting Security with Correct Permissions […]

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Join Cloud Insidrs!

Symantec Code Signing (200x200)

Tag Cloud

automation AWS Azure Azure Active Directory Azure Arc Azure Lighthouse Azure Resource Manager certbot certificate clickjacking cron CSRF cyber security DD-WRT DNS over HTTPS DoH domain firmware Gemalto HPKP HSTS IAM letsencrypt log logs MFA MITM Netgear network router SELinux time stamp tip Whois WiFi x509 XSS
Secure Site with EV (160x600)

Pearson Education (InformIT)

Pearson Education (Peachpit)

Thawte Code Signing (200x200)

  • Content purchasing and syndication