PHP 8 on IIS 2019: Sometimes Session can not be written - php

From time to time I get the classic "Failed to read session data" error on my application running on php 8, IIS 2019. This is usually associated with a) the directory does not exist b) the permissions are not set. I can rule out both cases.
Sessions are stored in c:/Temp/phpsessions. All read/write permissions are set correctly. Most of the times there is no problem. But if users doesn't log in for a while I get the following warning and the app does not work.
PHP Warning: session_start():open(C:\temp\phpsessions\sess_221kd8pv25fvefq#tnph9fhoss,O_RDWR)failed:Permission denied(13)...
Again, the session_path is set in php.ini, most of the time everything works. I thought maybe the session key does not have a corresponding session file anymore. But that should not generate an error but a new session. What am I missing?
I tried to store Session Variables and start the session with session_start(). I expect an old session to be invalid and not cause a permission denied warning. I expect a new empty session to be created.

The "Failed to read session data" error can occur for a number of reasons, it may be caused by a misconfiguration of the PHP process. Check the session_handler parameter in the PHP process handler. For more information, please refer this document. Hope this idea helps you.

Related

Can't log in to mediawiki: canceled as a precaution against session hijacking?

I'm using a private mediawiki hosted on AWS EC2 instance for years
I thought something gone wrong with some extension, specifically stopping in the middle of math rendering, so I tried to reload the page with Google Chrome browser's cache were all erased.
Right after that, I can't log in seeing this message "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."
I tried,
1. restart apache server
2. tried MediaWiki sessions and cookies not working on multi-server behind CloudFlare
3. tried Mediawiki, can't login after password change
4. tried "go in your LocalSettings.php and at the end add the following code of line :session_save_path("tmp");Create a folder "tmp" in your wiki installation directory. give rights 777 (permissions)" as in https://www.mediawiki.org/wiki/Topic:Pjby0sdeg3e60rfy
5. checked the server's hard disk storage, but it has free space of way more than 3.5gb.
How do I fix this and is there any way of disabling this really helpful "PRECAUTION" feature?
Adding $wgSessionCacheType = CACHE_DB; to LocalSettings.php solves the problem. No need to change $wgMainCacheType.
This works, without the "precaution against session hijacking" error:
$wgMainCacheType = CACHE_ACCEL;
$wgSessionCacheType = CACHE_DB;
Turned out to be something went wrong with cache settings in LocalSettings.php. Resolved after removing (almost all) customized cache settings.
MediaWiki authentication and session handling has been rewritten for 1.27; see announcement (the last section). Session hijacking warnings mean the CSRF token you are submitting was not found in the session, which in turn usually means the session storage is configured wrong.
Twice now, we started getting this error after the server ran out of space. Turns out, both times it was because the objectcache table had been corrupted.
To fix it, just run the SQL statement (e.g. at a MySQL prompt):
REPAIR TABLE objectcache;

How to correctly setup session for PHP on IIS 8.5

I am currently trying run one of my old website on newly launched Windows server. We are using IIS 8.5, but I have struggles with correct settings of Session for PHP.
On the server are runnig two versions of PHP, 5.4.9 and 5.6.2. For both of them I set session.save_path on “C:\inetpub\temp\sessions”. For this folder I set access rigths (write, delete, run, create) for user groups IUSR, IIS_IUSRS and Users. What is the problem, that I have all the time some issues with starting or cleaning session. Randomly I am getting some errors or warnings. One last of them was this one:
Warning: session_regenerate_id(): Session object destruction failed
This warning is quiet often. I have managed to run the website, but when I tried to log in to the system, nothing happend. Right after login it redirected me back on a login page, because it wasn't able to find and check user session.
Additionaly I was trying to dump some data and I am getting this error:
Cannot regenerate session ID after HTTP headers have been sent.
So I am guessing, that the main problem is with session and it is not set correctly. Can you give me some advice, how to set it right? Or what could I have done wrong? Thanks
EDIT:
I just find out , that in process of login is my session empty. I try to login, script authenticate my account and save Identity into session. But when it redirects to another page after login, the session is empty and ther is no user identity.
What is important to say, this website was moved from Linux server and it was working right. So there is no problem in code. THere has to be some problem in settings of PHP or anything else.
For this Error:
Cannot regenerate session ID after HTTP headers have been sent.
Start your header or In the most Top of your code by this line:
<?php ob_start(); ?>
For this one:
Warning: session_regenerate_id(): Session object destruction failed
Could you post your full session code ? To check which line changes the session id then, your system cannot find the session you try to destroy

dealing with Tokens in the session PHP online

I'm making use of storing random token values into session as well as flash message which prints out messages for one time only upon registration of updating profile,, this is working so far like it should on the localhost - wampserver. However, after deploying the website to the live server the process works correctly as long as the user is not logged in, after I log in I just can't update the profile at all, also after a successful registration the message "you have been registered successfully" is shown every time I go to the the homepage while it should only appear once and only once.. and again on the local server it is working like charm.
So after checking some online resources the answer was it mostly the configuration of php.ini on the server is what causing the problem, so I checked the php.ini on the server and after comparing it to the local one i found these two line missing concerning the Session field:
session.save_path = "c:/wamp/tmp"
session.use_only_cookies = 1
Then I added them to the online version of php.ini and it still doesn't work, of course I've changed the save_path to some random value but the whole storing in session doesn't work at all until i comment the session.save_path line, the other line didn't change anything so I don't know where the problem is.
Thanks in advance.
you're trying to write to a directory php doesn't have write access to. when you comment out the line, it stores it in the default php save path, which it does have write permissions.
I just found this PHP Based session variable not retaining value. Works on localhost, but not on server and it is exactly the cause of the problem, these people using register_globals ON .. that's it.

PHP session_start(); has started hanging the server

I have a DMZ set up with a web server and an application server, both running Ubuntu under gnome (v11.04 on the web server and v11.10 on the application server). session_start() has started hanging on the application server. The code is located on the application server and it does not hang when I access my web site and access the page with the session_start() call on it. It seems that every session_start() has started hanging on the application server although I have no problems with the associated pages when I access them from other computers or across the web. Also I have only just started having this problem on the application server without having made any changes to my php code. Could it be that some buffer has filled up and needs to be cleared?
I tried editing /etc/php5/apache2/php.ini and setting
session.save_path = "/tmp"
/tmp exists.
But I still have the problem. I can stop it hanging by preceding session_start() with session_end() but then it does not execute the remaining PHP or html code in the file.
/var/log/apache2/error.log included the following message:
PHP Notice: A session had already been started - ignoring session_start() in
/var/www/DraculaPgm.php on line 101, referer:
http://MyWebSite.com/ApplicationServer/Dracula.php
Any assistance with this would be greatly appreciated,
Peter.
Update 29-Dec-2012
Thank you to everyone who replied to this question. Unfortunately, I tried all of the suggestions and 'session_start()' still hangs. However, if I leave it for a few minutes, it breaks with the following error message.
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /ApplicationServer/Dracula.php.
Reason: Error reading from remote server
Apache/2.2.17 (Ubuntu) Server at MyWebSite.com Port 80
I have squid installed on the web server. Could this be a problem?
Thanks,
Peter
This sounds like a configuration issue. Make sure that PHP is reporting all errors, i.e., error_reporting(E_ALL) and either display or log all errors. (You might even want to enable display_startup_errors in your php.ini) - reporting all errors may shed light on what's going on. (if you need help you can post any errors that you get from this as an edit) You may want to look at the following as well for troubleshooting the issues with sessions:
When using /dev/random as session entropy file
When page is calling itself with the same session
Alternatively if none of those show anything you may want to read over the bug report at https://bugs.php.net/bug.php?id=28856&edit=1 depending on what version of PHP you are running.
I changed 'session_start()' to the following block.
if(!isset($_SESSION))
{
session_destroy();
session_start();
}
I now do not have the problem. I am hesitant to say that it fixed the problem since it did not seem to fix it right away.
Thank you to everyone for your help,
Peter.
Try changing the permission of the /tmp folder by doing chmod 777 /tmp and check if its working.If its working then change the permission mode to make it more secure
Try checking out this Question I call session_start() the script hangs and nothing happens
And this http://www.projectpier.org/node/1934
"It seems that the session file is opened exclusively. On some
occasions (Windows) I have found that the file lock is not released
properly for whatever reason, therefore causing session_start() to
hang infinitely on any future script executions. My way round this
problem was to use session_set_save_handler() and make sure the write
function used fopen($file, 'w') instead of fopen($file, 'x')"
You can find many others having the same problem and their workarounds if you go through http://php.net/manual/en/function.session-start.php
if(!isset($_SESSION))
{
session_start();
}
Use this at the top of your PHP file!
And for your info: session_destroy() is used to end session.
Before anything else - try another browser!
I just encountered this session_start problem. I checked my tmp folder and everything and I was about to call my hosting-provider until I thought I should try another browser first because it might have to do with session cookies.
I work with chrome, so I tested in IE and found that it was indeed the case: It worked in another browser!
I closed IE ;) - went back to chrome, looked for the cookie (PHP_SESS_ID), deleted it and everything works again!
Well, the good part is - Just like you guys I got to brush up my knowledge of -jay- sessions! ;)

WP E Commerce Safe Mode restriction error

I have my online shop, created with WP Ecommerce getting broken after I moved it to another server. I could be sure that the problem comes from WP Ecommerce because when I disable that plugin. Everything run as expected. This is the exact error message
Warning: session_start() [function.session-start]: SAFE MODE Restriction in effect. The script whose uid is 515 is not allowed to access /tmp owned by uid 0 in /home/mikalu/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/wpsc-constants.php on line 17
Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to initialize storage module: files (path: ) in /home/mikalu/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/wpsc-constants.php on line 17
I've tried to turn off safe mode on my php configuration. nothing happens. the error's still there.
I thought it was some kind of permission issue, so I tried to change /tmp permission to 777. Nothing happens. I googled it some more and suspect it might have something to do with fastCGI configuration and stuff. Which I totally don't understand.
My googling result mostly suggest me to consult the web hosting provider or even to move to another host. But in this case, I am the owner of the server (VPS with cPanel/WHM). And I don't have any idea how to solve this kind of problem
Any help would be very much appreciated :)
edit: I'm not so sure of this is really a server issue. Because if it really server configuration issue on session save path. Then the whole wordpress shouldn't be working coz it obviously use some session too. The session problem only come from that particular wp-ecommerce script. That's why I post it here on stackoverflow too.
After your edit, it's more clear why you ask that question. Wordpress itself does not uses PHP session, so it's not causing the issue but those component you're using is using PHP sessions.
The PHP manual normally is a good start to understand safemode and how to disable it: http://php.net/manual/features.safe-mode.php
Additionally you should review your server configuration that it is safe instead. Safe-mode is unsafe. Hopefully your server ain't.

Categories