{"id":28,"date":"2015-11-25T03:47:12","date_gmt":"2015-11-25T11:47:12","guid":{"rendered":"https:\/\/cloudinsidr.com\/content\/?p=28"},"modified":"2016-03-21T09:21:56","modified_gmt":"2016-03-21T17:21:56","slug":"how-to-securely-fix-php-session-errors","status":"publish","type":"post","link":"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/","title":{"rendered":"How to Fix PHP Session Errors while Respecting Security with Correct Permissions"},"content":{"rendered":"<p>Have you ever seen one of these weird redirects? WordPress, for example, may refuse to show the log-in page, leaving you out of its admin interface for good. Here is what to do about it.<\/p>\n<p><!--more--><\/p>\n<p>The log file may hold the secret to the weird behaviour:<\/p>\n<pre>tail \/var\/log\/nginx\/error.log<\/pre>\n<p>You might see something like this:<\/p>\n<pre>2015\/11\/18 18:23:51 [error] 16852#16852: *18847 FastCGI sent in stderr: \"PHP message: PHP Warning: session_start(): open(\/var\/lib\/php\/session\/sess_hk123na6l228eui7odqub6rghej6, O_RDWR) failed: No such file or directory (2) in \/mnt\/www\/www.yourdomain.com\/somefolder\/somepath\/watever-legit-script-is-trying-to-read-sessions.php on line 715\" while reading response header from upstream, client: XXX.XXX.XXX.XXX, server: www.yourserver.com, request: \"GET \/content\/? HTTP\/1.1\", upstream: \"fastcgi:\/\/unix:\/var\/run\/php-fpm.sockets\/www.yourserver.com.sock:\", host: \"www.yourserver.com\", referrer: \"https:\/\/auth.somereferrer.com\/whatever\"<\/pre>\n<p>or something like this:<\/p>\n<pre>2015\/11\/18 18:23:51 [error] 16852#16852: *18847 FastCGI sent in stderr: \"PHP message: PHP Warning: Unknown: open(\/var\/lib\/php\/session\/sess_hk123na6l228eui7odqub6rghej6, O_RDWR) failed: No such file or directory (2) in Unknown on line 0\r\nPHP message: PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (\/var\/lib\/php\/session) in Unknown on line 0\" while reading upstream, client: XXX.XXX.XXX.XXX, server: www.yourserver.com, request: \"GET \/content\/? HTTP\/1.1\", upstream: \"<\/pre>\n<p>These errors\u00a0occur because PHP has no way of\u00a0saving sessions on disk. Correcting permissions should fix the problem, but the trick is not to overdo it. Incorrect permissions on session files can open a can of worms to\u00a0session hijacking.<\/p>\n<p>The location of the PHP session path can be found in \/etc\/php.ini under session.save_path. The default path is<\/p>\n<pre>\/var\/lib\/php\/session<\/pre>\n<p>If this directory does not exist (even though it should exist precisely in this path), create it, then change permissions on it:<\/p>\n<pre>chown -R nginx:nginx \/var\/lib\/php\/session\r\nchmod -Rf 700 \/var\/lib\/php\/session<\/pre>\n<p>This assumes that you are running NGINX as the user nginx. (<strong>Be careful to\u00a0change access\u00a0privileges correctly&#8211;this always means: restrictively&#8211;in order not to facilitate\u00a0session hijacking<\/strong>!).<\/p>\n<p>Restart php-fpm and you should be good to go.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Have you ever seen one of these weird redirects? WordPress, for example, may refuse to show the log-in page, leaving you out of its admin interface for good. Here is what to do about it.<\/p>\n","protected":false},"author":1,"featured_media":76,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1,6],"tags":[24,28,23,7,25,21,27,22,26],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v14.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Fix PHP Session Errors while Respecting Security with Correct Permissions - CloudInsidr<\/title>\n<meta name=\"robots\" content=\"index, follow\" \/>\n<meta name=\"googlebot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta name=\"bingbot\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Fix PHP Session Errors while Respecting Security with Correct Permissions - CloudInsidr\" \/>\n<meta property=\"og:description\" content=\"Have you ever seen one of these weird redirects? WordPress, for example, may refuse to show the log-in page, leaving you out of its admin interface for good. Here is what to do about it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/\" \/>\n<meta property=\"og:site_name\" content=\"CloudInsidr\" \/>\n<meta property=\"article:published_time\" content=\"2015-11-25T11:47:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-21T17:21:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cloudinsidr.com\/content\/wp-content\/uploads\/2015\/11\/cloudinsidr_logo_900px-wide.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"326\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#website\",\"url\":\"https:\/\/www.cloudinsidr.com\/content\/\",\"name\":\"CloudInsidr\",\"description\":\"Cyber security, infotech\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":\"https:\/\/www.cloudinsidr.com\/content\/?s={search_term_string}\",\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.cloudinsidr.com\/content\/wp-content\/uploads\/2015\/11\/cloudinsidr_logo_900px-wide.png\",\"width\":900,\"height\":326,\"caption\":\"cloudinsidr.com logo (900px wide)\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/#webpage\",\"url\":\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/\",\"name\":\"How to Fix PHP Session Errors while Respecting Security with Correct Permissions - CloudInsidr\",\"isPartOf\":{\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/#primaryimage\"},\"datePublished\":\"2015-11-25T11:47:12+00:00\",\"dateModified\":\"2016-03-21T17:21:56+00:00\",\"author\":{\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#\/schema\/person\/dd6ee9cb21cf05763fd7cff3d6f11b2b\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cloudinsidr.com\/content\/how-to-securely-fix-php-session-errors\/\"]}]},{\"@type\":[\"Person\"],\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#\/schema\/person\/dd6ee9cb21cf05763fd7cff3d6f11b2b\",\"name\":\"Cloud Insidr\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.cloudinsidr.com\/content\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8b2fa1415b3d573b97d818b8f8f83b7c?s=96&d=mm&r=g\",\"caption\":\"Cloud Insidr\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts\/28"}],"collection":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/comments?post=28"}],"version-history":[{"count":8,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts\/28\/revisions"}],"predecessor-version":[{"id":31,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/posts\/28\/revisions\/31"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/media\/76"}],"wp:attachment":[{"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/media?parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/categories?post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudinsidr.com\/content\/wp-json\/wp\/v2\/tags?post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}