NYCPHP Meetup

[nycphp-talk] Session problem on virtual host?

Mark Armendariz nyphp at enobrev.com
Wed Jan 19 19:25:21 EST 2005


On shared servers, I generally try to avoid using the server's global tmp
folder and instead use a 'local' one.

In your php.ini, htaccess or ini_set() you can do that with the following
vars:

# for file upload temp files
upload_tmp_dir = '/path/to/a/local/hidden/tmp/folder/'

# for sessions on your site
session.save_path = '/path/to/a/local/hidden/tmp/folder/'

On a few servers I've worked on you usually get access to a folder just
'above' the public_html folder:
/home/username/public_html/
/home/username/tmp/ <-- great place for a local tmp folder

And here's some info about setting those values properly:
http://education.nyphp.org/phundamentals/PH_ini.php?expiredate=2/16/2004

This is also more secure (as long as the shared host is jailed / sandboxed
somehow), as your sessions and upload temp files aren't sitting in some
shared folder that everyone on the server has access to.

On a side note, anyone here use pair.com?  I just ran into something very
disturbing on their shared servers that I'd like to tell you about off-list.

Mark

> -----Original Message-----
> From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org]
> On Behalf Of Stephen Musgrave
> Sent: Wednesday, January 19, 2005 7:05 PM
> To: talk at lists.nyphp.org
> Subject: [nycphp-talk] Session problem on virtual host?
> 
> List -
> 
> I am having a problem with a content management system that I wrote
> running on a Speakeasy shared host.  I use session to store variables
> to maintain state such as the primary key ID for a content row I am
> updating.
> 
> For the most part, this works really well, but from time to time
> something goes wrong and it feels like the session gets wiped out or a
> formerly used primary key ID reappears into the session, overwriting
> the current primary key ID and causes me to overwrite that record in
> the database.
> 
> I haven't actually witnessed this occurrence, as it happens only about
> 5 percent of the time, according to the person who is reporting it.
> 
> I think I have read somewhere in passing that if shared hosts are not
> setup properly, sessions from other virtual domains can conflict or
> that session is flaky altogether.
> 
> I have reason to suspect that the server isn't setup properly because
> when I use $_SERVER['DOCUMENT_ROOT'], it points to a directory that is
> somewhere else in the file system.  Somebody told me that this is
> because they are cheating and using symbolic links.  I'm not a server
> guy and I haven't been able to get a straight answer from the hosting
> provider support staff.
> 
> I should note that this CMS has run on at least 5 other shared hosting
> environments and it has been a problem.
> 
> Thanks,
> 
> Stephen
> 
> _______________________________________________
> New York PHP Talk
> Supporting AMP Technology (Apache/MySQL/PHP)
> http://lists.nyphp.org/mailman/listinfo/talk
> http://www.nyphp.org





More information about the talk mailing list