
I am currently struggling with a problem with one of my company's web applications. In the production environment we have a problem in which MacBooks cannot create a session in one application when they have a session in the other application. I have pretty much narrowed down the problem, but I have yet to find a solution.

PHP message: PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0" while reading upstream, client: 80.113.209.4, server: example.com, request: "GET /api/config/routes?route=%2Fauth%2Flogin HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm/example.com.sock:", host: "example.com", referrer: "https://example.com/auth/login"

Now when I go to the /tmp directory I am starting to see where things go wrong:

-rw-------  1 app1 www-data     0 Apr 20 10:43 sess_5tqsb9cbohto3anslkfiqm9uq6
-rw-------  1 app1 www-data     0 Apr 20 10:41 sess_8ecc8s1ipbb0h1l4b342nfqph2
-rw-------  1 app1 www-data     0 Apr 20 10:43 sess_9b5irh24v059o24c814tf3jol4
-rw-------  1 app1 www-data     0 Apr 20 10:43 sess_velp2nf8jcst5dhe358bciq8b6

When the user logs into "app1", PHP creates a session with "app1" as owner. But when I try to log in to "app2", it sees that there is a session already and tries to open it. Now obviously this won't work because "app2" has no permission to read or write to the session of "app1".

The only strange thing here is that this only happens on MacBooks. When I try to log in to both applications on my Linux machine, it simply opens another session with user "app2".

I am running PHP 5 with nginx and php-fpm. I use PHP sockets in order to connect nginx to PHP. Both applications have their own socket and run under a different user, "app1" and "app2". Therefore the owner of the session depends on the application on which you log in.

Does anyone know why PHP tries to use the same session for MacBooks but creates a new session for Windows and Linux machines? And how would I go about solving this problem?

Edit: A possible solution would be to make www-data the owner of the session files, but I'd rather have a dedicated user be the owner of these files. So a solution would be appreciated. If there is no solution for the problem, I'll have to go with the www-data owner.

Sander Koenders
  • Possible duplicate of http://stackoverflow.com/questions/13584628/session-start-not-working-on-mac or http://stackoverflow.com/questions/4585086/how-can-i-fix-the-permission-error-when-i-call-session-start – Hasan Peeal Apr 20 '16 at 09:13
  • It's not really a duplicate. I know that write permissions to /tmp are fine; it's just the fact that Linux and Windows get a new session file while Mac doesn't. – Sander Koenders Apr 20 '16 at 09:21

1 Answer

So apparently Laravel 4.2 is giving out PHPSESSID for the whole .example.com domain, which interferes with "app2.example.com" because the client sends the ".example.com" domain cookie to the server and expects the server to have that session. The only problem is that this session was made for "app1" and isn't accessible to "app2".

Why this only happens to MacBooks is a mystery to me, but at least I can understand why it happens now.

This seems to be a problem in Laravel 4.2, as I cannot find a way to change this at the moment (not even by changing domain in config/session.php). I also tested the latest version of Laravel and it did not have that problem. Lucky for me, we'll be releasing a new version of "app1" based on the latest version of Laravel in 2 weeks, so until then we'll have to deal with this issue.

Sander Koenders
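The collision described in the answer can also be contained at the php-fpm level by giving each pool its own session directory and its own session cookie name, so a cookie scoped to .example.com by one application is never interpreted as a session ID by the other. This is an added example, not configuration from the original post: the pool users app1 and app2 come from the question, while the file paths, socket names, session directories and cookie names are assumptions.

```ini
; Added example: one php-fpm pool per application.
; Users app1/app2 are from the question; every path and cookie name
; below is an assumption chosen for illustration.

; --- pool file for app1 (assumed: /etc/php5/fpm/pool.d/app1.conf) ---
[app1]
user = app1
group = www-data
listen = /var/run/php5-fpm/app1.sock
listen.owner = www-data
listen.group = www-data

; Private session directory instead of the shared /tmp. Create it first:
;   install -d -o app1 -g app1 -m 0700 /var/lib/php5/sessions/app1
; php_admin_value cannot be overridden by ini_set() in application code,
; so app1 can never be pointed at another pool's session files.
php_admin_value[session.save_path] = /var/lib/php5/sessions/app1

; Distinct cookie name: even if app2's cookie is sent to this host,
; this pool only looks for APP1SESSID. php_value still lets the
; application override the name at runtime.
php_value[session.name] = APP1SESSID

; --- pool file for app2 (assumed: /etc/php5/fpm/pool.d/app2.conf) ---
[app2]
user = app2
group = www-data
listen = /var/run/php5-fpm/app2.sock
listen.owner = www-data
listen.group = www-data

;   install -d -o app2 -g app2 -m 0700 /var/lib/php5/sessions/app2
php_admin_value[session.save_path] = /var/lib/php5/sessions/app2
php_value[session.name] = APP2SESSID
```

With mode 0700 directories owned by each pool user, neither application can list or open the other's session files. If the distribution disables PHP's built-in session garbage collection and cleans only the default directory from cron, the custom directories need their own cleanup job.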