
session-based authentication code not working on shared host

awebguynow
#1: Jul 27 '06
My Auth code works locally but not on my host, and I'm debugging it to
find out why not.

Except where noted, I'll be referring to my webhost's configuration.
I'm using a .htaccess "AddHandler" directive, to force php5
I notice with the help of phpinfo(), I'm locally using "Apache 2
Handler" but my host uses CGI.
session.auto_start Off Off
I'm actually hosting this alpha site, wholly contained in a
subdirectory, but use relative references and links, so this should not
be an issue.
I do have access to logs.

The authentication will be used, for a business site, to determine the
user and which office and data they should have access to. Since my
host ruled out using "auto_prepend_file", I've come up with a variation
that should be equally effective.

Structure is something like this:
Any file that has processing or reports that are office specific will
force authentication:
include('MyAccessControl.php'); // (MAC) which consists of a lot of mixed-mode PHP/HTML

The purpose of MAC is as follows:
- If you have a session and a user, use minimal processing and get
through
- If you don't, provide an auth form (with action back to
$_SERVER['PHP_SELF']);
also, loop (restrict or exit) until the user-password values match
those in the DB

MAC pseudocode
session_start();
$user = get from $_SESSION or from $_POST
if (!isset($user)) provide form, etc.
The key, of course, is action=$_SERVER['PHP_SELF'], which is not MAC
but the file that included MAC, i.e. MyOfficeReport.php (MOR)

I'm not getting back to MOR, but I'm not getting any error either.
I'm getting a minimal html page, basically empty html-head-body

Pre test: Noted when 1st seeing the auth form, source had
PHPSESSIONID=... Looked good
One test: print to a file the basename($_SERVER['PHP_SELF']) That
looked fine.
Two test: set up a session and user, then link to MOR, to see if it
would display correctly or show the Auth form ( it showed the auth
form ).

Sorry for this explanation being long. Anyone have a suggestion on
this? TIA

awebguynow
#2: Jul 28 '06

I'm finding a few sources of problems in the CGI log (of shared host).
Is this an Apache log, filtered by errors on my domain?

Hoping to clean up and run error-free asap.
I had a few fatal errors, based on require("foo"), which I can fix,
but I'm concerned with this one at this point. see below

PHP Warning: Unknown: Failed to write session data (files). Please
verify that the current setting of session.save_path is correct
(/var/php_sessions) in Unknown on line 0
PHP Warning: Unknown:
open(/var/php_sessions/sess_cf7ce45dd2a55dd3be34a1a666321330, O_RDWR)
failed: No such file or directory (2) in Unknown on line 0

seems pretty obvious, this is a hosting issue.

Rik
#3: Jul 28 '06

awebguynow wrote:
> I'm finding a few sources of problems in the CGI log ( of shared host
> ) Is this an Apache log, filtered by errors on my domain ?
>
> Hoping to clean up and run error-free asap.
> I had a few fatal errors, based on require("foo"), which I can fix,
> but I'm concerned with this one at this point. see below
>
> PHP Warning: Unknown: Failed to write session data (files). Please
> verify that the current setting of session.save_path is correct
> (/var/php_sessions) in Unknown on line 0
> PHP Warning: Unknown:
> open(/var/php_sessions/sess_cf7ce45dd2a55dd3be34a1a666321330, O_RDWR)
> failed: No such file or directory (2) in Unknown on line 0
>
> seems pretty obvious, this is a hosting issue.

Well, a configuration issue:

<?php
session_save_path('/a/path/that/does/exists');
?>

Which should be a path outside of the webroot (or at least protected by an
.htaccess file) that has writing permissions.

Further information to be found at:
http://www.php.net/manual/en/ref.session.php

Grtz,
--
Rik Wasmus
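
An added example, not code from the thread or from the PHP manual: a check that could run at the top of an include such as MyAccessControl.php, so that a missing or badly placed session directory fails visibly instead of silently losing the session as in the warnings quoted above. The path in SESSION_DIR and the function name session_dir_problems() are assumptions; it assumes PHP 7 or later.

```php
<?php
// Added example; SESSION_DIR and session_dir_problems() are hypothetical names.
// Assumed location: a directory in the account's home, outside the web root.
const SESSION_DIR = '/home/example/private/php_sessions';

/** Return the problems found with $dir as a session store (empty = usable). */
function session_dir_problems(string $dir): array
{
    if (!is_dir($dir)) {
        return ["$dir does not exist or is not a directory"];
    }
    $problems = [];
    if (!is_writable($dir)) {
        $problems[] = "$dir is not writable by the user PHP runs as";
    }
    // Any group/other bit can expose session files (and IDs) to other accounts.
    $mode = fileperms($dir) & 0777;
    if ($mode & 0077) {
        $problems[] = sprintf('%s has mode %04o, expected 0700', $dir, $mode);
    }
    // A store under the document root may be served over HTTP.
    $real = realpath($dir);
    $root = empty($_SERVER['DOCUMENT_ROOT']) ? false : realpath($_SERVER['DOCUMENT_ROOT']);
    if ($real && $root && strpos($real . '/', rtrim($root, '/') . '/') === 0) {
        $problems[] = "$dir is inside the web root $root";
    }
    return $problems;
}

// Create the directory on first use, private to this account.
if (!is_dir(SESSION_DIR)) {
    @mkdir(SESSION_DIR, 0700, true);
}

$problems = session_dir_problems(SESSION_DIR);
if ($problems) {
    // Fail visibly instead of serving an empty page with a lost session.
    error_log('Session store unusable: ' . implode('; ', $problems));
    http_response_code(500);
    exit('Session storage is misconfigured.');
}

session_save_path(SESSION_DIR); // must be called before session_start()
session_start();
```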


awebguynow
#4: Jul 28 '06

I'm making note of your comments, Rik

and also noticing some of the PHP user notes:

session_save_path() required on every page that saves or accesses a
var.

also security concerns, by webmaster at gardenchemicals

It looks like path should be FQ path from root of machine.
I'll check on write permissions and best place to store sessions.
Cookie path, I assume would be relative to htdocs/

session.cookie_path / /
session.save_path /var/php_sessions /var/php_sessions

Jerry Stuckle
#5: Jul 28 '06

awebguynow wrote:
> I'm making note of your comments, Rik
>
> and also noticing some of the PHP user notes:
>
> session_save_path() required on every page that saves or accesses a
> var.

Only if you use session_save_path() on any page. If php is configured
correctly it is not needed.

> also security concerns, by webmaster at gardenchemicals

I saw that also and completely dismissed it for too many reasons to go
into here.

Remember - user notes are exactly that - USER NOTES. They do not
indicate the expertise level of whomever is posting the notes. And they
may or may not be accurate.

> It looks like path should be FQ path from root of machine.
> I'll check on write permissions and best place to store sessions.
> Cookie path, I assume would be relative to htdocs/
>
> session.cookie_path / /
> session.save_path /var/php_sessions /var/php_sessions

Best place for session data IMHO is /tmp. But others have different
opinions, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================