≡ Menu

Lighttpd: Beware of Default PHP Session Path Permission [ session.save_path ]

Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site.

This path is defined in /etc/php.ini file and all data related to a particular session will be stored in a file in the directory specified by the session.save_path option.

After installing phpMyAdmin I was able to login but unable to select or modify tables. First, I thought I made some configuration errors, and then I reinstalled phpMyAdmin again. It was not working at all.

Finally, php error log file provides me the answer with the following errors:

[26-Jul-2006 13:35:22] PHP Warning:  Unknown: open(/var/lib/php/session/sess_lLFJ,tk9eFs5PGtWKKf559oKFM3, O_RDWR) failed: Permission denied (13) in Unknown on line 0
[26-Jul-2006 13:35:22] PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0
[26-Jul-2006 13:35:40] PHP Warning:  Unknown: open(/var/lib/php/session/sess_lLFJ,tk9eFs5PGtWKKf559oKFM3, O_RDWR) failed: Permission denied (13) in Unknown on line 0

/var/lib/php/ has root:apache write permission combination. Since I had migrated from the Apache to Lighttpd web server, I forgot to set correct permission for session directory (php.ini - session.save_path directive). To change file owner and group permission you need to use the chown command as follows:
# chown root:lighttpd /var/lib/php/ -R

Now my phpMyAdmin is working fine.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 6 comments… add one }

  • itamar May 24, 2007, 1:58 am

    I belive the best option is add lighttpd to group apache.

  • Misinformed February 7, 2008, 4:52 pm

    Genius. Thanks for the tip.

  • Rey April 5, 2009, 1:30 pm

    try chmod 1777 /var/lib/php/session

  • Marcelo August 5, 2010, 9:15 pm

    Excellent!

    Works 100%

    Thanks!

  • Ray April 24, 2012, 9:51 pm

    Rey,
    One would be stupid to set permissions to 777, huge security risk.

    • bob March 18, 2013, 10:17 am

      I agree… on /var/lib/php/session only Apache and root should have write permissions…
      Other may consider this an exploit and do some damage …

Leave a Comment