ShaneBlack
asked on
Warning: session_start(): open(/tmp/sess_5013e2ec6b21f5fb4e9cd88b44f02800, O_RDWR) failed
I'm having trouble getting a cart that I coded to install on a server. It works fine on my server along with many others but I'm having trouble getting it to run on one particular server. Basically, I pass cart data from the viewcart page (http) to the checkout page (https) using http://www.mysite.com/checkout.php?PHPSESSID=[session id here]. On this particular server, I get the following error when trying to checkout:
--- Errors ---
Warning: session_start(): open(/tmp/sess_5013e2ec6b2
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/www/somedomain/store
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/www/somedomain/store
Warning: Cannot modify header information - headers already sent by (output started at /home/www/somedomain/store
Fatal error: Call to a member function on a non-object in /home/www/somedomain/store
Warning: Unknown(): open(/tmp/sess_5013e2ec6b2
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
----------------
This only happens when I'm going from HTTP to HTTPS and vice versa. Otherwise, if i were to run the entire process under SSL it works flawlessly and the same goes for doing it entirely under HTTP. And the same scripts unmodified work perfectly fine on other hosts.
The only difference that I can notice on this particular host is that they require you to run PHP as a CGI. I tried modifying the php.ini file to change the location of the session dir so I could apply different permissions to it but ended up with the same errors.
Any help or suggestions would be greatly appreciated.
Shane
--- Errors ---
Warning: session_start(): open(/tmp/sess_5013e2ec6b2
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/www/somedomain/store
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/www/somedomain/store
Warning: Cannot modify header information - headers already sent by (output started at /home/www/somedomain/store
Fatal error: Call to a member function on a non-object in /home/www/somedomain/store
Warning: Unknown(): open(/tmp/sess_5013e2ec6b2
Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in Unknown on line 0
----------------
This only happens when I'm going from HTTP to HTTPS and vice versa. Otherwise, if i were to run the entire process under SSL it works flawlessly and the same goes for doing it entirely under HTTP. And the same scripts unmodified work perfectly fine on other hosts.
The only difference that I can notice on this particular host is that they require you to run PHP as a CGI. I tried modifying the php.ini file to change the location of the session dir so I could apply different permissions to it but ended up with the same errors.
Any help or suggestions would be greatly appreciated.
Shane
Is /tmp/ accessible? Maybe you have to CHMOD or something for you to access it.
ASKER
No that's not the issue.
Are you sure? Can you create and write to a file into this /tmp directory through a script, which is called vie HTTPS connection? I wonder if HTTP and HTTPS have shared tmp?
Create directory "sesave" with write perms in your script directory and try
ini_set("session.save_path
Create directory "sesave" with write perms in your script directory and try
ini_set("session.save_path
ASKER
I made a script containing the following:
$sourcefile = tempnam("/tmp", "test");
$handle = fopen($sourcefile, "w");
fwrite($handle, "testing");
fclose($handle);
$fd = fopen($sourcefile, "r");
$contents = fread($fd, filesize($sourcefile));
fclose($fd);
echo $contents;
I'm able to successfully run this under HTTP and HTTPS.
I've already tried your ini_set suggestion before but I gave it a go again and I still get the same error for the checkout script.
Also, i'm not sure if this is important but since php is running as a cgi I have access to a php.ini file.
$sourcefile = tempnam("/tmp", "test");
$handle = fopen($sourcefile, "w");
fwrite($handle, "testing");
fclose($handle);
$fd = fopen($sourcefile, "r");
$contents = fread($fd, filesize($sourcefile));
fclose($fd);
echo $contents;
I'm able to successfully run this under HTTP and HTTPS.
I've already tried your ini_set suggestion before but I gave it a go again and I still get the same error for the checkout script.
Also, i'm not sure if this is important but since php is running as a cgi I have access to a php.ini file.
If the directory does not exist, tempnam() may generate a file in the system's temporary directory, and return the name of that.
http://us2.php.net/manual/en/function.tempnam.php
So, what is your $sourcefile value?
Can you include this script into your checkout.php? Just to be sure..
http://us2.php.net/manual/en/function.tempnam.php
So, what is your $sourcefile value?
Can you include this script into your checkout.php? Just to be sure..
ASKER
Oh, I didn't know that. Then I'm guessing that's what is happening here because I don't have a /tmp dir under my account. It's probably using the system's temp dir as you said. But creating a /tmp dir with chmod 777 (?) permission and putting session.save_path="/home/d
As for the value of the $sourcefile... I'm not sure what you mean by "value" ?
And the script won't get a chance to run if i include it into my checkout.php file because I always get those permission denied errors caused by the session when going from http -> https. But I have no problems including the script if I do the entire process under https or http.
As for the value of the $sourcefile... I'm not sure what you mean by "value" ?
And the script won't get a chance to run if i include it into my checkout.php file because I always get those permission denied errors caused by the session when going from http -> https. But I have no problems including the script if I do the entire process under https or http.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You were right. My host doesn't run secure sessions as the master user unless you have an SSL cert installed. I got them fixing it up for me now. Thanks for pointing in the right direction.