Inaccessible Session Directory

bugs:558


Session handling

ToDo

const CACHE_SESSION_DIR = '/tmp'; is defined in constants.php and is currently not set via the installer.
We may use ini_get('session.save_path') as an indicator of where the actual directory is, but we do not use the PHP built-in session -> write value; it's a nuisance that the user currently has to do this on his own.

Evaluation

I'm not sure if this is the proper way to do this, because session.save_path can only be an indicator; it may even give you invalid values like 5;/tmp or 2;/var/tmp back.


It is of course possible to strip the invalid parts, however it is very unlikely that you can use this path.

  • $save_path = current(array_reverse(explode(';', $path)));
  • invalid save_path or path length exceeds %d characters
  • Failed to write session data (%s). Please verify that the current setting of session.save_path is correct (%s)

session.save_path = "N;MODE;/path"


Perhaps we can use ini_get('session.save_path') directly as default when CACHE_SESSION_DIR is not set, so both options are available.

  1. sanitized session.save_path (default)
  2. CACHE_SESSION_DIR (for those who want to use a different dedicated dir/path)
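
One way to implement the two-option lookup above with a usability check, as an added example that is not the project's own code. save_path_directory() and resolve_session_dir() are hypothetical names, and falling back to sys_get_temp_dir() when session.save_path is empty is an assumption.

```php
<?php
declare(strict_types=1);

// Added example: function names are hypothetical, not taken from the project.

/** Return the path component of a session.save_path value ("/path", "N;/path", "N;MODE;/path"). */
function save_path_directory(string $ini_value): string
{
    $parts = explode(';', $ini_value);
    return trim($parts[count($parts) - 1]);
}

/**
 * Resolve the session directory.
 * $override : dedicated directory (CACHE_SESSION_DIR on the page), '' when unset
 * $ini_value: raw session.save_path, '' when php.ini leaves it unset
 * Throws instead of returning a directory that does not exist or is not writable.
 */
function resolve_session_dir(string $override, string $ini_value): string
{
    if ($override !== '') {
        $dir = $override;                   // explicit setting wins, no silent fallback
    } else {
        $dir = save_path_directory($ini_value);
        if ($dir === '') {
            $dir = sys_get_temp_dir();      // assumption: same default PHP uses for an empty save_path
        }
    }
    if (strlen($dir) > PHP_MAXPATHLEN || !is_dir($dir) || !is_writable($dir)) {
        throw new RuntimeException("session directory not usable: '$dir'");
    }
    return $dir;
}

// Constructed sample values, including the "N;/path" and "N;MODE;/path" forms from the page.
$tmp = sys_get_temp_dir();
foreach (["5;$tmp", "2;0600;$tmp", $tmp, '', '3;/nonexistent/sessions', '5;'] as $raw) {
    try {
        printf("%-32s => %s\n", var_export($raw, true), resolve_session_dir('', $raw));
    } catch (RuntimeException $e) {
        printf("%-32s => ERROR: %s\n", var_export($raw, true), $e->getMessage());
    }
}
```

A non-empty override that is unusable raises an error rather than falling through to a shared temp directory, so a misconfigured dedicated path is noticed at setup time.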

diff --git a/src/admin/module/system_info.php b/src/admin/module/system_info.php
index 1255f31..3a38a46 100644
--- a/src/admin/module/system_info.php
+++ b/src/admin/module/system_info.php
@@ -84,7 +84,7 @@
     $sysinfo['upload_max_filesize']    = [$engine->_t('UploadFilesizeMax'), $engine->binary_multiples($upload_max_filesize * 1024 * 1024, false, true, true)];
     $sysinfo['post_max_size']        = [$engine->_t('PostMaxSize'), $engine->binary_multiples($post_max_size * 1024 * 1024, false, true, true)];
     $sysinfo['max_execution_time']    = [$engine->_t('MaxExecutionTime'), get_cfg_var('max_execution_time') . ' seconds'];
-    $sysinfo['session_save_path']    = [$engine->_t('SessionPath'), CACHE_SESSION_DIR];    // ini_get('session.save_path')
+    $sysinfo['session_save_path']    = [$engine->_t('SessionPath'), CACHE_SESSION_DIR ?: current(array_reverse(explode(';', ini_get('session.save_path'))))];
     $sysinfo['default_charset']        = [$engine->_t('PhpDefaultCharset'), ini_get('default_charset')];
     $sysinfo['gzip_compression']    = [$engine->_t('GZipCompression'), $gzip_compression];
     $sysinfo['php_extensions']        = [$engine->_t('PhpExtensions'), implode(', ',get_loaded_extensions())];
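Review bot: The fallback expression on the session_save_path line is written out inline here and again in http.php and version-check.php; move it into one helper so the path shown on this admin page cannot drift from the path the session store actually uses. The old trailing comment // ini_get('session.save_path') was dropped as well, so a short comment saying which source the displayed value came from would help.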
diff --git a/src/class/http.php b/src/class/http.php
index 665599a..6e7b12b 100644
--- a/src/class/http.php
+++ b/src/class/http.php
@@ -283,7 +283,7 @@
         if ($this->db->session_store == 1)
         {
             $sess = new SessionFileStore;
-            $sess->cf_file_path = CACHE_SESSION_DIR;
+            $sess->cf_file_path = CACHE_SESSION_DIR ?: current(array_reverse(explode(';', ini_get('session.save_path'))));
         }
         else
         {
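Review bot: cf_file_path is assigned without checking that the result is usable. With CACHE_SESSION_DIR now '' and ini_get('session.save_path') returning '' or false, the expression evaluates to an empty string, and a value ending in ';' does the same. Check for a non-empty, existing, writable directory before the assignment and fail with a clear message otherwise.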
diff --git a/src/config/constants.php b/src/config/constants.php
index 2a2172b..020da64 100644
--- a/src/config/constants.php
+++ b/src/config/constants.php
@@ -28,7 +28,7 @@
 const CACHE_PAGE_DIR                = '_cache/page';
 const CACHE_SQL_DIR                    = '_cache/query';
 const CACHE_TEMPLATE_DIR            = '_cache/template';
-const CACHE_SESSION_DIR                = '/tmp';                // '_cache/session'
+const CACHE_SESSION_DIR                = '';                // '/tmp', '_cache/session'
 
 const CHMOD_SAFE                    = 0640;                    // better to use 0600 in production
 const CHMOD_FILE                    = 0644;                    // file creation mode
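Review bot: The comment on the new CACHE_SESSION_DIR line only lists the former values ('/tmp', '_cache/session') and does not say that the empty string now means "fall back to session.save_path". State that in the comment, because every caller depends on the ?: test and any non-empty value, including a mistyped one, disables the fallback.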
diff --git a/src/setup/version-check.php b/src/setup/version-check.php
index 5db4341..a282071 100644
--- a/src/setup/version-check.php
+++ b/src/setup/version-check.php
@@ -144,6 +144,7 @@
     /*
      Check file permissions
      */
+    $cache_session_dir = CACHE_SESSION_DIR ?: current(array_reverse(explode(';', ini_get('session.save_path'))));
 
     // [0] - directory, file
     // [1] - write permissions (octal integer, precede the number with a 0 (zero)!)
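Review bot: $cache_session_dir is assigned directly under the "Check file permissions" comment with no explanation of its own, and it is the third copy of the same expression. Add a one-line comment on where the value comes from, call a shared helper instead of repeating the expression, and handle an empty result before it reaches the permission list.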
@@ -151,7 +152,7 @@
         [CACHE_CONFIG_DIR,        CHMOD_DIR],
         [CACHE_FEED_DIR,        CHMOD_DIR],
         [CACHE_PAGE_DIR,        CHMOD_DIR],
-        [CACHE_SESSION_DIR,        CHMOD_DIR],
+        [$cache_session_dir,    CHMOD_DIR],
         [CACHE_SQL_DIR,            CHMOD_DIR],
         [CACHE_TEMPLATE_DIR,    CHMOD_DIR],
         [CONFIG_FILE,            CHMOD_FILE],
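Review bot: The [$cache_session_dir, CHMOD_DIR] entry is held to the same mode as the application's own cache directories, but when the value comes from session.save_path it can be a directory outside the application tree that the wiki does not own. Consider checking only that it exists and is writable in that case, rather than comparing it against CHMOD_DIR.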