Symfony 3.1.5 Warning: SessionHandler::read(): Session data file is not created by your uid

Question

I'm running Symfony 3.1.5 on a Ubuntu 14.04, PHP 7.1 and Apache 2.4.23 stack managed by Vagrant 1.8.6/VirtualBox 5.1.6. I'm trying to use a simple controller I've made to render a response on my frontend:

<?php

namespace AppBundle\Controller;

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Component\BrowserKit\Response;

class LandingController {
    /**
     * @Route("/", name="homepage")
     */
    public function showAction(){
        return new Response('This is the landing page!');
    }
}

When I attempt to access my Symfony frontend via /app_dev.php I see:

Warning: SessionHandler::read(): Session data file is not created by your uid 500 Internal Server Error - ContextErrorException

My Apache log reads:

CRITICAL - Uncaught PHP Exception Symfony\Component\Debug\Exception\ContextErrorException: "Warning: SessionHandler::read(): Session data file is not created by your uid" at /var/www/conan/var/cache/dev/classes.php line 366

The Symfony dev log reads:

==> /var/www/conan/var/logs/dev.log <== [2016-10-11 14:23:04] request.INFO: Matched route "{route}". {"route":"homepage","route_parameters":{"_controller":"AppBundle\\Controller\\LandingController::showAction","_route":"homepage"},"request_uri":"http://conan.dev/app_dev.php/","method":"GET"} [] [2016-10-11 14:23:04] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Debug\Exception\ContextErrorException: "Warning: SessionHandler::read(): Session data file is not created by your uid" at /var/www/conan/var/cache/dev/classes.php line 366 {"exception":"[object] (Symfony\\Component\\Debug\\Exception\\ContextErrorException(code: 0): Warning: SessionHandler::read(): Session data file is not created by your uid at /var/www/conan/var/cache/dev/classes.php:366)"} []

Seeing as this appears to be a session related issue, I've referred to the Symfony documentation for Session Management. It states:

Symfony sessions are incompatible with php.ini directive session.auto_start = 1 This directive should be turned off in php.ini, in the webserver directives or in .htaccess.

session.auto_start = 0 in my php.ini and the file is owned by user and group root:

$ ls -lta /etc/php/7.1/fpm/php.ini -rw-r--r-- 1 root root 70584 Sep 30 07:29 /etc/php/7.1/fpm/php.ini

I've tried creating an .htaccess (which I placed in my DocumentRoot) per the instructions in the Symfony documentation, but the error persists.

I've searched several threads and questions for a solution but have not landed on anything. Any ideas what is causing this?

marcusnjones · Accepted Answer · 2016-10-11T18:28:54.477

54

Editing config/config.yml and replacing save_path: "%kernel.root_dir%/../var/sessions/%kernel.environment%" with save_path: /var/lib/php/sessions fixed the error.

If you use an editor/IDE that automatically converts spaces to tabs, be sure to disable that feature before saving your changes. Failure to do so may cause a 'does not contain valid YAML' error to occur.

edited Oct 11 '16 at 18:28

answered Oct 11 '16 at 18:23

marcusnjones

1,085
1
10
18

5

I am using Vagrant for my project and this is what I had to do this morning. Rest of the team are using MAMP on MAC and they did not have to make that change. I wonder why it works on dev server and on live. – George Mylonas Oct 24 '16 at 08:47
1

I am also using Vagrant, I ended up following this post http://stackoverflow.com/questions/13169154/cannot-change-permissions-of-folders-within-vagrant-home-folder. The issue seems to be the permissions on the synced_folder settings. There's no need to make this change to the config.yml. Hope it helps someone. – Mark Smith Feb 15 '17 at 21:13
1

Another possible solution for some, is to just delete the current session files in /var/session/[environment]. Depending on how you've setup and run the server, and your Linux user setup, the files may be owned by different users. – LavenPillay Feb 16 '17 at 15:26
1

I'm using Docker and I had to create `/var/lib/php` manuall to make this work, so I think `./var/session` inside symfony project folder is preferable – vladkras Apr 06 '17 at 20:39
2

works, but shouldn't the config go to config/config_dev.yml to avoid accidentally touching your production environment? – Douwe Jun 17 '17 at 09:50
I have to use `/var/lib/php/sessions` for my Vagrantbox and the default one for my server. Maybe some of you will have to do that, too – CunningFatalist Oct 31 '17 at 09:36

score 19 · Answer 2 · answered Dec 03 '16 at 17:47

19

I had the same problem. The fix that worked for me is to change var/sessions owner to www-data:www-data (same user/group for php-fpm sub-processes) :

sudo chown -R www-data:www-data var/sessions/

answered Dec 03 '16 at 17:47

Takman

1,028
10
13

5

In my case, 'Operation not permitted'. I guess is mainly because of the sync folder with Vagrant. – Anthony Aug 07 '17 at 11:06

score 16 · Answer 3 · answered Aug 31 '17 at 15:24

16

AVOID change prod configuration for troubles that only occurs in development environment

Had the Same trouble when using Vagrant (PHP-FPM 7 + Nginx) with a sync folder (/vagrant ~ default)

Solved just put

    session:
        save_path: '/tmp'

on config_dev.yml inside framework entry

Just choose some place that Webserver and PHP can read/write without permission issues.

answered Aug 31 '17 at 15:24

Marcos Regis

814
9
13

That's what exactly happens, we have the same setup in Vagrant (PHP 7.1 + nginx 10) and this solves the issue. – Tecnocat Oct 31 '17 at 15:05
1

You can't use /tmp to store the sessions, need better security as /tmp is accessible to anyone and session files can be deleted. – Takman Nov 30 '18 at 18:42

score 9 · Answer 4 · answered Aug 25 '17 at 20:59

9

If Magento 2 generates this warning,

Just delete already existed session inside var/session folder and its fixed.

answered Aug 25 '17 at 20:59

Vinith

1,264
14
25

score 5 · Answer 5 · answered Jul 19 '17 at 13:55

5

I had a similar problem and clearing my browser's cache and stored data solved the problem.

On chrome and opera you should the following:

Developer tools > Application > Clear Storage > Clear Site Data

answered Jul 19 '17 at 13:55

Jesus Rodriguez

2,571
2
22
38

score 5 · Answer 6 · answered May 29 '18 at 05:41

5

In my case, *removing browser cookies fixed the issue. I didn't do any of the step mentioned above and tried to change permissions and all but no that wasn't the problem. I've faced problem on magento.

answered May 29 '18 at 05:41

Shahzaib Hayat Khan

893
11
17

works in the incognito chrome mode, since cookies are not kept – Remy Mellet Jun 26 '18 at 13:38

score 2 · Answer 7 · answered Feb 23 '18 at 20:29

Session path can't be written to since the web user and the owner of the content in the sessions folder are different and thus doesn't .

Solution is to set your /var or /var/sessions/ ownership to the web user.

chown apache:apache /var/ -R * Or: chown www-data:www-data /var/ -R *

Highest rated response is not really the best response here.

score 2 · Answer 8 · answered Oct 29 '18 at 14:50

If you are using NFS for the synced folder, then the UID and GID of all files in it will be the UID and GID of the host user running Vagrant, and might not match the UID and GID of the vagrant user on the guest. For example, I have:

-rw-r--r--  1  501 dialout 5.1K Oct 29 15:14 Vagrantfile

501 is the UID of my user on the Mac, and there is no corresponding user on the guest. dialout is the group on the guest that matches the staff group that’s my primary group on the Mac.

Although you have permissions to read and write all files in the synced folder, when PHP checks the UID of the session file owner, it doesn’t match the user PHP is running as, and it blocks the access as a security measure.

You can use the vagrant-bindfs plugin to work around this:

vagrant-bindfs

A Vagrant plugin to automate bindfs mount in the VM. This allow you to change owner, group and permissions on files and, for example, work around NFS share permissions issues.

Here’s what worked for me:

Run vagrant plugin install vagrant-bindfs

In your Vagrantfile:

config.vm.synced_folder '.', '/vagrant', disabled: true
config.vm.synced_folder '.', '/vagrant-nfs', type: 'nfs'

config.bindfs.bind_folder '/vagrant-nfs', '/vagrant'

Run vagrant reload

And it works:

-rw-r--r--  1 vagrant vagrant 5.1K Oct 29 15:45 Vagrantfile

score 0 · Answer 9 · answered Aug 16 '18 at 09:06

0

I am using PIMCORE which is based on symfony 3. To fix this issue,I just cleared browser cache.

I hope this will help.

answered Aug 16 '18 at 09:06

Faiyaz Alam

1,191
9
27

score 0 · Answer 10 · answered Jan 02 '20 at 06:40

0

In my case, i was using sysfony 2 and after removing the cache the problem was gone.

rm -rf /app/cache/*

answered Jan 02 '20 at 06:40

sh6210

4,190
1
37
27

Obii Kriationz Web LLP · Answer 11 · 2023-02-07T14:25:50.097

-1

If you are facing this issue on Symfony 5+, I updated the handler_id on the config/packages/framework.yaml to session.handler.native_file.

...................

Updated Response:

On 'config/packages/framework.yaml', the default handler_id is null.

session: handler_id: null cookie_secure: auto cookie_samesite: lax storage_factory_id: session.storage.factory.native

Update the handler_id to session.handler.native_file Reference: https://symfony.com/doc/current/session.html

edited Feb 07 '23 at 14:25

answered Jan 28 '23 at 10:37

Obii Kriationz Web LLP

1
4

1

Your answer could be improved by providing an example of what the `framework.yaml` should look like. A copy and paste of the contents surrounding this attribute would be sufficient. – Tyler2P Jan 30 '23 at 20:39

score -4 · Answer 12 · answered Oct 11 '16 at 15:38

-4

You are using wrong Response namespace.

You have use Symfony\Component\BrowserKit\Response; and should be use Symfony\Component\HttpFoundation\Response;

answered Oct 11 '16 at 15:38

Dmitry Malyshenko

3,001
1
12
20

Symfony 3.1.5 Warning: SessionHandler::read(): Session data file is not created by your uid

12 Answers12

vagrant-bindfs

Linked