make file readable by other users

Alaa Gamal asked:

i was trying to make one sessions for my all subdomains (one session across subdomains)

subdomain number one

auth.site.com/session_test.php


session_set_cookie_params(0, '/', '.site.com');
session_start();
echo session_id().'<br />';
$_SESSION['stop']='stopsss this';
print_r($_SESSION);

subdomain number two

anscript.site.com/session_test.php

session_set_cookie_params(0, '/', '.site.com');
session_start();
echo session_id().'<br />';
print_r($_SESSION);

Now when i visit auth.site.com/session_test.php

i get this result

06pqdthgi49oq7jnlvuvsr95q1
Array ( [stop] => stopsss this ) 

And when i visit anscript.site.com/session_test.php

i get this result

06pqdthgi49oq7jnlvuvsr95q1
Array () 

session id is same!

but session is empty

after two days of failed trys, finally i detected the problem

the problem is in file promissions

the file is not readable by the another user

session file on my server

-rw-------  1 auth auth 25 Jul 11 11:07 sess_06pqdthgi49oq7jnlvuvsr95q1

when i make this command on the server

chmod 777 sess_06pqdthgi49oq7jnlvuvsr95q1

i get the problem fixed!! the file is became readable by (anscript.site.com)

So, how to fix this problem? How to set the default promissions on session files?

this is the promissions of the sessions directory

Access: (0777/drwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)

My answer:


Your PHP session files must be readable by PHP/the web server, not necessarily by all users (this is a security risk).

To fix this issue, check what user your PHP (or apache with mod_php) is running as, and set the file ownership to that user for all of the session files (and the directory containing them, usually /var/lib/php/session or something similar).

chown -R user.group /var/lib/php/session

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.