apache PHP 会话文件的权限
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/912098/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Permissions to PHP session files
提问by 6bytes
I have a domain domain.com and subdomain sub.domain.com Those two domains have different ftp users (user1, user2) belonging to the same group (usergroup) on linux environment. Finally I have the same PHP application that uses sessions on both domains (one is live and other is testing environment).
我有一个域 domain.com 和子域 sub.domain.com 这两个域有不同的 ftp 用户(user1、user2),它们在 linux 环境中属于同一组(用户组)。最后,我有相同的 PHP 应用程序,它在两个域上都使用会话(一个是实时的,另一个是测试环境)。
When I go to domain.com without going first to sub.domain.com, PHP session file is created in default folder /tmp/ with proper permissions 600 and user1:usergroup, when I access sub.domain.com without going first to domain.com, a file is created with permissions 600 and user2:usergroup.
当我访问 domain.com 而不先访问 sub.domain.com 时,PHP 会话文件会在默认文件夹 /tmp/ 中创建,并具有适当的权限 600 和 user1:usergroup,当我访问 sub.domain.com 而不先访问域时.com,创建一个具有权限 600 和 user2:usergroup 的文件。
All is great for all browsers but IE (please do not focus on this). What I found out is that when I access sub.domain.com and then try domain.com PHP tries to read the same session file but has no permissions and page is loading indefinitely. Changing ownership of the file to user1 makes domain.com work but prevents sub.domain.com from working.
除了 IE 之外的所有浏览器都很好(请不要关注这一点)。我发现当我访问 sub.domain.com 然后尝试 domain.com PHP 尝试读取相同的会话文件但没有权限并且页面无限加载。将文件的所有权更改为 user1 会使 domain.com 工作但阻止 sub.domain.com 工作。
How to make Apache or PHP create different files for sessions or make them accessible from both domains.
如何让 Apache 或 PHP 为会话创建不同的文件或使它们可以从两个域访问。
P.S. Like I said for some weird reason this happens only for IE and the error message from PHP is: Uncaught PHP Error: session_start() [function.session-start]: open(/tmp/sess_t1..., O_RDWR) failed: Permission denied (13) in file xxx.php on line 46 on line on line 46 is session_start();
PS 就像我说的出于某种奇怪的原因这仅发生在 IE 中,并且来自 PHP 的错误消息是:未捕获的 PHP 错误:session_start() [function.session-start]: open(/tmp/sess_t1..., O_RDWR) failed:第 46 行第 46 行文件 xxx.php 中的权限被拒绝 (13) 是 session_start();
Thank you for any advice in this.
感谢您在这方面的任何建议。
回答by Carlos Lima
Not sure if this is the best approach for your problem but you could try having PHP save session files in different directory for each domain.
不确定这是否是解决您问题的最佳方法,但您可以尝试让 PHP 将会话文件保存在每个域的不同目录中。
Take a look on session_save_path()documentation.
查看session_save_path()文档。
Keep in mind that you must set it BEFORE initializing the session.
Ideally, that should be one of the first things your script does.
请记住,您必须在初始化会话之前设置它。
理想情况下,这应该是您的脚本首先要做的事情之一。
回答by mr-euro
Are you sure that IE is triggering the issue?
您确定是 IE 触发了该问题吗?
The browser does not have any direct access to the session files, only the PHP (HTTPD) process has access to the session files.
浏览器不能直接访问会话文件,只有 PHP (HTTPD) 进程可以访问会话文件。
I do not see why one browser should give different error messages in the PHP log versus another.
我不明白为什么一个浏览器应该在 PHP 日志中给出与另一个不同的错误消息。
I think you may be dealing with two separate issues.
我认为您可能正在处理两个不同的问题。
回答by PatrikAkerstrand
One solution is to add this to the .htaccess file of each subdomain:
一种解决方案是将其添加到每个子域的 .htaccess 文件中:
php_value session.save_path '/path/to/a/writeable/folder'
Then ensure that each subdomain has permission to write to its own folder.
然后确保每个子域都有写入自己文件夹的权限。
回答by Raam Dev
I just had this same problem. It appears to be a problem with the way Apache returns session data for IE7 and IE8, but most likely because IE7 and IE8 have an improper way of announcing the domain they're requesting session data for.
我刚刚遇到了同样的问题。Apache 返回 IE7 和 IE8 的会话数据的方式似乎存在问题,但很可能是因为 IE7 和 IE8 以不正确的方式宣布它们请求会话数据的域。
Here's my scenario:
这是我的场景:
Running Apache 1.3 with two domains, each has their own account with their own users:
使用两个域运行 Apache 1.3,每个域都有自己的帐户和自己的用户:
Domain: mycompany.com
Session path: /tmp/
Webserver user: mycompanycom
Domain: support.mycompany.com
Session path: /tmp/
Webserver user: nobody
Here is what happens during a normal visit with Firefox/Safari/Chrome:
以下是使用 Firefox/Safari/Chrome 正常访问时发生的情况:
- I visit mycompany.com and session file is created in
/tmp/owned by the usermycompanycom. - I then visit support.mycompany.com, and second session file is created in
/tmp/owned by usernobody. - Apache doesn't get confused and the correct session files are returned
- 我访问 mycompany.com 并且会话文件是
/tmp/由用户创建的mycompanycom。 - 然后我访问 support.mycompany.com,第二个会话文件
/tmp/由用户创建nobody。 - Apache 不会混淆并返回正确的会话文件
However, here's what happens during a visit with IE7 and IE8:
但是,在访问 IE7 和 IE8 期间会发生以下情况:
- I visit mycompany.com and session file is created in
/tmp/owned by the usermycompanycom. - I then visit support.mycompany.com and, instead of creating second session file in
/tmp/owned by the usernobody, Apache tries to return the session file for mycompany.com. - The session file for mycompany.com is owned by the user
mycompanycom, so the web server, running as usernobodycannot access it. Permission is denied.
- 我访问 mycompany.com 并且会话文件是
/tmp/由用户创建的mycompanycom。 - 然后我访问 support.mycompany.com ,Apache 尝试返回 mycompany.com 的会话文件,而不是创建
/tmp/用户拥有的第二个会话文件nobody。 - mycompany.com 的会话文件归用户所有
mycompanycom,因此以用户身份运行的 Web 服务器nobody无法访问它。权限被拒绝。
The solution was, as others have suggested, to create a separate directory in /tmp/to separate the stored session data for support.mycompany.com:
正如其他人所建议的,解决方案是在其中创建一个单独的目录,/tmp/以分隔 support.mycompany.com 的存储会话数据:
mkdir /tmp/mycompany
chown nobody:nobody /tmp/mycompany
I then added the following to an .htaccessfile in the root web directory for support.mycompany.com:
然后,我将以下内容添加到.htaccesssupport.mycompany.com 的根 Web 目录中的文件中:
php_value session.save_path '/tmp/mycompany'
And finally, I removed any existing session data in /tmp/to ensure the new session path would get used immediately:
最后,我删除了任何现有的会话数据,/tmp/以确保新的会话路径可以立即使用:
rm -f /tmp/sess_*
And that's it! Now IE7 and IE8 work properly.
就是这样!现在 IE7 和 IE8 正常工作。
I'm fairly certain this problem has to do with how IE7 and IE8 request session data from Apache. They probably first request session data for mycompany.com and THEN request session data for support.mycompany.com, even though the latter was the only doman entered in the address bar.
我相当肯定这个问题与 IE7 和 IE8 如何从 Apache 请求会话数据有关。他们可能首先请求 mycompany.com 的会话数据,然后请求 support.mycompany.com 的会话数据,即使后者是地址栏中输入的唯一域。
