Home/ Questions/Q 504387
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T06:29:30+00:00

I have a domain domain.com and subdomain sub.domain.com Those two domains have different ftp

  • 0

I have a domain domain.com and subdomain sub.domain.com Those two domains have different ftp users (user1, user2) belonging to the same group (usergroup) on linux environment. Finally I have the same PHP application that uses sessions on both domains (one is live and other is testing environment).

When I go to domain.com without going first to sub.domain.com, PHP session file is created in default folder /tmp/ with proper permissions 600 and user1:usergroup, when I access sub.domain.com without going first to domain.com, a file is created with permissions 600 and user2:usergroup.

All is great for all browsers but IE (please do not focus on this). What I found out is that when I access sub.domain.com and then try domain.com PHP tries to read the same session file but has no permissions and page is loading indefinitely. Changing ownership of the file to user1 makes domain.com work but prevents sub.domain.com from working.

How to make Apache or PHP create different files for sessions or make them accessible from both domains.

P.S.
Like I said for some weird reason this happens only for IE and the error message from PHP is:
Uncaught PHP Error: session_start() [function.session-start]: open(/tmp/sess_t1…, O_RDWR) failed: Permission denied (13) in file xxx.php on line 46
on line on line 46 is session_start();

Thank you for any advice in this.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I just had this same problem. It appears to be a problem with the way Apache returns session data for IE7 and IE8, but most likely because IE7 and IE8 have an improper way of announcing the domain they’re requesting session data for.

    Here’s my scenario:

    Running Apache 1.3 with two domains, each has their own account with their own users:

    Domain: mycompany.com 
Session path: /tmp/
Webserver user: mycompanycom

Domain: support.mycompany.com 
Session path: /tmp/
Webserver user: nobody

    Here is what happens during a normal visit with Firefox/Safari/Chrome:

    1. I visit mycompany.com and session file is created in /tmp/ owned by the user mycompanycom.
    2. I then visit support.mycompany.com, and second session file is created in /tmp/ owned by user nobody.
    3. Apache doesn’t get confused and the correct session files are returned

    However, here’s what happens during a visit with IE7 and IE8:

    1. I visit mycompany.com and session file is created in /tmp/ owned by the user mycompanycom.
    2. I then visit support.mycompany.com and, instead of creating second session file in /tmp/ owned by the user nobody, Apache tries to return the session file for mycompany.com.
    3. The session file for mycompany.com is owned by the user mycompanycom, so the web server, running as user nobody cannot access it. Permission is denied.

    The solution was, as others have suggested, to create a separate directory in /tmp/ to separate the stored session data for support.mycompany.com:

    mkdir /tmp/mycompany
chown nobody:nobody /tmp/mycompany

    I then added the following to an .htaccess file in the root web directory for support.mycompany.com:

    php_value session.save_path '/tmp/mycompany'

    And finally, I removed any existing session data in /tmp/ to ensure the new session path would get used immediately:

    rm -f /tmp/sess_*

    And that’s it! Now IE7 and IE8 work properly.

    I’m fairly certain this problem has to do with how IE7 and IE8 request session data from Apache. They probably first request session data for mycompany.com and THEN request session data for support.mycompany.com, even though the latter was the only doman entered in the address bar.

    • 0