Home/ Questions/Q 8178721
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T23:49:56+00:00

I have a client who is running a user management script. The host provider

  • 0

I have a client who is running a user management script. The host provider had blocked allow_url_fopen but is using suPHP so we created a local copy of php.ini with allow_url_fopen set to “on”.

The only problem now is that you can no longer login to using the script – it says ‘success logging you in’ – then logs you right out (because the sessions are either not getting created or are in the wrong place – excuse my lack server knowledge).

Here are the settings in the local php.ini

upload_tmp_dir = "/home/aspac124/public_html/tmp"
register_globals = On
memory_limit = 256M
session.save_path = "/home/aspac124/public_html/tmp"
safe_mode = off
upload_max_filesize = 32M
allow_url_fopen = On
zend_extension = "/usr/local/IonCube/ioncube_loader_lin_5.3.so"

I’m not sure why the hosting provider turned register_globals on for the client. But is that the correct place for the session.save_path? I’ve checked and the folder exists and I also set it to 777 just to make sure but no happiness.

Another client using the same system had a similar issue and told me he changed the tmp/ folder to his home directory and everything was fine.

I’ve tried to put the save path as just /tmp, /home/aspac124/tmp and nothing happens – just get logged out as normal. If I make up a path then I get a “No such file or directory” error.

When I put it as “/home/tmp” I get the following message

Warning: session_start() [function.session-start]: open(/home/tmp/sess_4417d180e599b5f12fc34a28f5467d21, O_RDWR) failed: Permission denied (13) in /home/aspac124/public_html/domainnamehere.com/includes/lightwork_session.php on line 45

What does this mean, is the home/tmp the correct place for this and if so what should I do – should the folder permissions be changed?

edit: I don’t have access to folders outside the domain root so cannot change the file permissions – have to wait for the client but would like as much info before then.

Thanks in advance

EDIT: Just for anyone reading this. Please make sure your local php.ini file settings are applied to any sub folder that may require it. I was making ajax requests to a file in a sub folder to the root and this was the issue.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should place your session and upload directories outside of the document root otherwise these will be accessible by anyone and can result in remote script injection, session hijacking etc.

    You should perhaps create a tmp directory as /home/aspac124/tmp and set the permissions so Apache can write to this directory. Perhaps set the chmod to 0760.

    • 0