• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Setting sess_save_path correctly

#1
Hi, I've just uploaded my first ci app to my host provider's server after working on it in apache's localhost. The welcome controller worked fine, but when I tried to access my ion auth login, I got the following error...

Code:
A PHP Error was encountered

Severity: Warning

Message: mkdir(): Invalid path

Filename: drivers/Session_files_driver.php

Line Number: 117

Backtrace:

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 9
Function: library

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 52
Function: __construct

File: /home/leke/public_html/ci/application/controllers/admin/Dashboard.php
Line: 9
Function: __construct

File: /home/leke/public_html/ci/index.php
Line: 292
Function: require_once

A PHP Error was encountered

Severity: Warning

Message: Cannot modify header information - headers already sent by (output started at /home/leke/public_html/ci/system/core/Exceptions.php:272)

Filename: core/Common.php

Line Number: 568

Backtrace:

An uncaught Exception was encountered

Type: Exception

Message: Session: Configured save path '' is not a directory, doesn't exist or cannot be created.

Filename: /home/leke/public_html/ci/system/libraries/Session/drivers/Session_files_driver.php

Line Number: 119

Backtrace:

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 9
Function: library

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 52
Function: __construct

File: /home/leke/public_html/ci/application/controllers/admin/Dashboard.php
Line: 9
Function: __construct

File: /home/leke/public_html/ci/index.php
Line: 292
Function: require_once

After a little googling, I found adding changing $config['sess_save_path'] from NULL to sys_get_temp_dir(); in config.php fixed the problem. Reading up on this led me to https://www.codeigniter.com/user_guide/l...sions.html and there it was suggested I load $this->load->library('session'); after parent::__construct() in MY_Controller. Trying this (after setting $config['sess_save_path'] back to NULL) gave me an error again, so I'm back to the sys_get_temp_dir(); as the value to $config['sess_save_path'].

So my question is, is this a usual thing when setting up the live app environment, or should I be concerned about something at this stage? As a noob, it's quite hard to ask questions about something I am new to, but I'm just trying to make sure I'm not going too far off track here while trying to understand as much as possible.

Thanks.
Reply

#2
i remember i had similar problem with my app when uploaded to the hosting server. i guess the problem comes from the caged virtual FS that you see on the hosting server, while you see path /htdocs/session_path , the real path is, for example: /var/<username>/htdocs/session_path.

what i finally did to overcome this, is:

the prod installation has in index.php:

define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'production');

while the installation on my dev PC has:

define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'development');

so, remove completely the line about sess_path line from the application/config.php file and define the path (use absolute path, i could see the absolute path in the log, i dont see it in your case, you will have to discover it somehow, maybe even ask the server admin) on each file (config/production/config.php and config/development/config.php), and by changing the ENVIRONMENT in the index.php, you can make CI load the path you need per system. before all that, i had relevant path (../xxx/xxx/session_path for example), but when i migrated to the hosting server, i ended up in the above trouble and had to switch to absolute paths.

hope it helps
Reply

#3
(03-05-2016, 08:45 AM)n2fole00 Wrote: Hi, I've just uploaded my first ci app to my host provider's server after working on it in apache's localhost. The welcome controller worked fine, but when I tried to access my ion auth login, I got the following error...

Code:
A PHP Error was encountered

Severity: Warning

Message: mkdir(): Invalid path

Filename: drivers/Session_files_driver.php

Line Number: 117

Backtrace:

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 9
Function: library

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 52
Function: __construct

File: /home/leke/public_html/ci/application/controllers/admin/Dashboard.php
Line: 9
Function: __construct

File: /home/leke/public_html/ci/index.php
Line: 292
Function: require_once

A PHP Error was encountered

Severity: Warning

Message: Cannot modify header information - headers already sent by (output started at /home/leke/public_html/ci/system/core/Exceptions.php:272)

Filename: core/Common.php

Line Number: 568

Backtrace:

An uncaught Exception was encountered

Type: Exception

Message: Session: Configured save path '' is not a directory, doesn't exist or cannot be created.

Filename: /home/leke/public_html/ci/system/libraries/Session/drivers/Session_files_driver.php

Line Number: 119

Backtrace:

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 9
Function: library

File: /home/leke/public_html/ci/application/core/MY_Controller.php
Line: 52
Function: __construct

File: /home/leke/public_html/ci/application/controllers/admin/Dashboard.php
Line: 9
Function: __construct

File: /home/leke/public_html/ci/index.php
Line: 292
Function: require_once

After a little googling, I found adding changing $config['sess_save_path'] from NULL to sys_get_temp_dir(); in config.php fixed the problem. Reading up on this led me to https://www.codeigniter.com/user_guide/l...sions.html and there it was suggested I load $this->load->library('session'); after parent::__construct() in MY_Controller. Trying this (after setting $config['sess_save_path'] back to NULL) gave me an error again, so I'm back to the sys_get_temp_dir(); as the value to $config['sess_save_path'].

So my question is, is this a usual thing when setting up the live app environment, or should I be concerned about something at this stage? As a noob, it's quite hard to ask questions about something I am new to, but I'm just trying to make sure I'm not going too far off track here while trying to understand as much as possible.

Thanks.

https://github.com/bcit-ci/CodeIgniter/b...g.php#L347
Why did you ignore this note?

You're not supposed to leave it empty.
And you are again NOT supposed to set it it to sys_get_temp_dir(), especially if you're uploading to a shared hosting environment.

Just pick a directory that only you can read, and point to it.

(03-05-2016, 12:37 PM)iz_no_good Wrote: i remember i had similar problem with my app when uploaded to the hosting server. i guess the problem comes from the caged virtual FS that you see on the hosting server, while you see path /htdocs/session_path , the real path is, for example: /var/<username>/htdocs/session_path.

what i finally did to overcome this, is:

the prod installation has in index.php:

define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'production');

while the installation on my dev PC has:

define('ENVIRONMENT', isset($_SERVER['CI_ENV']) ? $_SERVER['CI_ENV'] : 'development');

so, remove completely the line about sess_path line from the application/config.php file and define the path (use absolute path, i could see the absolute path in the log, i dont see it in your case, you will have to discover it somehow, maybe even ask the server admin) on each file (config/production/config.php and config/development/config.php), and by changing the ENVIRONMENT in the index.php, you can make CI load the path you need per system. before all that, i had relevant path (../xxx/xxx/session_path for example), but when i migrated to the hosting server, i ended up in the above trouble and had to switch to absolute paths.

hope it helps

This has nothing to do with the OP's question and you're giving a very bad advice.
Reply

#4
(03-05-2016, 12:59 PM)Narf Wrote: https://github.com/bcit-ci/CodeIgniter/b...g.php#L347
Why did you ignore this note?

You're not supposed to leave it empty.
And you are again NOT supposed to set it it to sys_get_temp_dir(), especially if you're uploading to a shared hosting environment.

Just pick a directory that only you can read, and point to it.

Oh wow, I completely missed the comments, how silly of me. Yes, the error message makes much more sense now. I created a sessions directory and set permissions to 700. Seems to work fine now.

Thanks.
Reply

#5
Hey, I just wanted to add this as a reminder to myself, as I had trouble with it again on shared hosting...

Creating a sessions folder and doing this

Code:
$config['sess_save_path'] = 'sessions';

get's you an error like

Code:
A PHP Error was encountered
Severity: Warning

Message: touch(): open_basedir restriction in effect. File(sessions/ci_sessionre75b41fj6vnmkujqvfb8r6t75p4rb3l) is not within the allowed path(s): (/home/oulunosast/:/tmp/:/var/tmp/:/usr/local/php70/lib/:/usr/local/php54/lib/:/usr/local/php55/lib/:/usr/local/php56/lib/:/usr/local/php70/lib/:/usr/local/php71/lib/:/usr/local/php72/lib/:/usr/local/lib/php/)

Filename: drivers/Session_files_driver.php

Line Number: 248

Backtrace:

A PHP Error was encountered
Severity: Warning

Message: session_write_close(): Failed to write session data (user). Please verify that the current setting of session.save_path is correct (sessions)

Filename: Unknown

Line Number: 0

Backtrace:

Don't forget that absolute path, which can be achieved like so...

Code:
$config['sess_save_path'] = BASEPATH . 'sessions';

The warning error should disappear.

Goodbye future me Tongue
Reply

#6
This has always worked for me.

Create a new folder under ./application named writable

./application/writable

PHP Code:
$config['sess_driver'            'files';
$config['sess_cookie_name'       'pcfx_session_';
$config['sess_expiration'        7200;
$config['sess_save_path'         APPPATH.'writable';
$config['sess_match_ip'          FALSE;
$config['sess_time_to_update'    300;
$config['sess_regenerate_destroy'] = FALSE


I have never had a problem with it doing it this way.

But be careful some hosting providers will change the session path on you.

My hosting provider does not change it.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply

#7
Oh, I see BASEPATH points to the system folder and APPPATH points to the application folder. I assumed BASEPATH would be one level up from the application folder (so the root folder). It's probably wiser to have it in the application folder, like you have it. Thanks.
Reply

#8
(05-26-2018, 03:40 PM)n2fole00 Wrote: Oh, I see BASEPATH points to the system folder and APPPATH points to the application folder. I assumed BASEPATH would be one level up from the application folder (so the root folder). It's probably wiser to have it in the application folder like you have it. Thanks.

Actually having the session files in a non-public folder, a folder above the folder where "index.php: is found, is generally considered to be a good idea. Consider the following folder structure.

Code:
/www  
   /application
   /system
   /any_others
   index.php
/sessions

Where www is the "public" folder for the site

You can easily set the sess_save_path with the following

PHP Code:
$config['sess_save_path'] = substr(FCPATH0strpos(FCPATH'www/')) . 'sessions/'[); 

FCPATH is the folder where index.php is found.
   
Obviously, if your "public" folder has some other name, e.g. 'htdocs', then replace 'www/' with 'htdocs/'.
Reply

#9
Hey, thanks. Minus the typo, it works fine.
Reply

#10
(05-26-2018, 06:08 AM)InsiteFX Wrote: This has always worked for me.

Create a new folder under ./application named writable

./application/writable

PHP Code:
$config['sess_driver'            'files';
$config['sess_cookie_name'       'pcfx_session_';
$config['sess_expiration'        7200;
$config['sess_save_path'         APPPATH.'writable';
$config['sess_match_ip'          FALSE;
$config['sess_time_to_update'    300;
$config['sess_regenerate_destroy'] = FALSE


I have never had a problem with it doing it this way.

But be careful some hosting providers will change the session path on you.

My hosting provider does not change it.

Hey I've just stumbled across this when investigating how secure my sessions are only to learn that my save path was set to NULL!! And worse yet, was set to NULL on my production server. Don't ask me how I missed this. My question is, where has CI been storing the sessions if this has not been set?

Mike
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.