Joomla! :: View topic - phpsuex-login loop-session directory admin lgging out fix

[PHP]

session.save_path ("/home/your_user/public_html/tmp");
session.cookie_path =

ini_set ('safe_mode', '0');

<?php echo (($sp=ini_get('session.save_path'))?$sp:'none');

session_save_path ('/home/your_user/public_html/tmp');

<?php echo (($sp=ini_get('session.save_path'))?$sp:'none');

                  session_save_path ('/home/your_user/public_html/tmp');
session_name( md5( $mosConfig_live_site ) );
session_start();
                  ?>

session_name( md5( $mosConfig_live_site ) );

session_save_path ('/home/your_user/public_html/tmp');

session_name( md5( $mosConfig_live_site ) );

session_save_path ('/home/your user/public_html/tmp');

session_start();

[PHP]

ini_set ('safe_mode', '0');

php_value session.save_path ("/home/mydir/public_html/tmp");

session.cookie_path =
RewriteCond %{HTTP_HOST} ^www.*******[NC]
RewriteRule ^(.*) http://******/$1 [L,R=301]

allow_url_fopen = OFF
php_value register_globals off
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open

Options Includes ExecCGI FollowSymLinks MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|css|js|pl|txt)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php

allow_url_fopen = OFF
register_globals = OFF
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
session.save_path = /home/mydir/public_html/tmp
safe_mode = OFF

session.save_path="/home/youruser/tmp/httpd/session"

session.save_path=/vhost/blahblah/www/tmp

Author:	vikings [ Sat Jul 29, 2006 12:31 am ]
Post subject:	phpsuex-login loop-session directory admin lgging out fix
I realize that there are several posts as to this problem, however after some work I decided to post a fix here that worked for me. This fixes the virtual servers login issues for admin and saving to session folders which do not write. I tested this on latest joomla 10.01 first create a folder in your public_html directory called tmp chown-755 create an php.ini file(php.txt document with saved as php.ini) copy this: Code: [PHP] session.save_path ("/home/your_user/public_html/tmp"); session.cookie_path = (if you need safe mode off then also insert:) Code: ini_set ('safe_mode', '0'); save and upload to same diectory Open Administration/components/com_admin/admin.admin.html.php and find : Code: <?php echo (($sp=ini_get('session.save_path'))?$sp:'none'); insert after this line: Code: session_save_path ('/home/your_user/public_html/tmp'); so it all looks like this: Code: <?php echo (($sp=ini_get('session.save_path'))?$sp:'none'); session_save_path ('/home/your_user/public_html/tmp'); session_name( md5( $mosConfig_live_site ) ); session_start(); ?> Next open : Administartor/index.php and find: Code: session_name( md5( $mosConfig_live_site ) ); and add: Code: session_save_path ('/home/your_user/public_html/tmp'); ao it looks like: Code: session_name( md5( $mosConfig_live_site ) ); session_save_path ('/home/your user/public_html/tmp'); session_start(); Be sure that session start is the last Line do the exact same for Administrator/index2.php and for index3.php Now login and check that sytem tab shows that the sessions TMP folder is in fact there with the path you outlined and is writeable. To check that it worls correctly check with ftp and look to see if it contains session data. I was constantly logged out no matter what I did due to phpsuexe installed on server, now I can stay logged in as long as required by using session length in configuration Hope that helps all like it did for me

Author:	basic612 [ Wed Aug 16, 2006 3:56 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Hi, Thanks for the post / sharing your findings. I find it hard to believe how many typos you have in there though The fix is a fair bit simpler than what you outline: Make a folder outside of the document root - but within the area that your web server process can write to, I use the tmp directory in my shared user folder, and make my own directory to be storing apache tmp files in: /home/youruser/tmp/httpd/session make sure that your web server process has write permissions to this directory. If the web server can not write above your public_html / whatever root directory, then I guess you will have to put it in the public structure somewhere... Then create a file: /home/youruser/public_html/administrator/php.ini with the contents: session.save_path="/home/youruser/tmp/httpd/session"; And that's it. If you check phpinfo (or check in the CMS admin system info) you should see that directory now marked as the session.save_path value. No core hacks needed - just the way I like it Note you will need to have this php.ini file inside any directories that need the sessions set correctly - unfortunately it is not as easy as it is with .htaccess files where you can put your config values in the root directory and they will propagate in to all the child directories unless overridden by a file further up.

Author:	vikings [ Wed Aug 16, 2006 5:08 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
thanks so much for pointing out spelling errors, how considerate of you. Understand as well, as you notice the title of my post also took note of the admin logging out problem, that is why I added the extra hacks as well. If you are on a shared server and have phpsuexe and have the problems I have outlined and or are in need of a all in one posting regarding these issues then this post was for you. I didn't create a post to have it analyzed, there are many postings as to the fixes some users have on a shared host, I merely brought all of them together in one post. Also understand with some writing and reading being recursive you will need more than just to installa php.ini file in admin folder. For instance if you have a component which requires a pop up for editing you will need to also insert a .ini file in that folder as well. My feeling is that you do not have the issue of getting logged out repeatedly in admin, so I am glad that you have a fix you are comfortable with and works for you, however I believe my posting will help others who do have a number of problems with shared hosting and are using cgi php. Once again thank you for your input.

Author:	basic612 [ Wed Aug 16, 2006 7:48 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Hi, I hope you didn't think I was being facetious - I actually appreciated finding your post as it did get me on the right track trying to solve exactly the same problem you describe - I was being logged out of a cpanel server with php compiled as a module and suexec enabled. The purpose of my post was to let you know there might be an easier way, as well as doing my bit to prevent newcomers for getting bogged down with perplexing server or php errors. My comment regarding the typos was not really about spelling, but related to the fact that I initially tried to follow your and found that there were parts missing, eg: Quote: first create a folder in your public_html directory called tmp chown-755 create an php.ini file(php.txt document with saved as php.ini) copy this: Code: [PHP] session.save_path ("/home/your_user/public_html/tmp"); session.cookie_path = (if you need safe mode off then also insert:) Code: ini_set ('safe_mode', '0'); save and upload to same diectory It seems that you missed out on posting all the code - and even if it was all there, this is not the correct format for a php.ini include file in the scenario you mention - the fragment of code you posted are php functions not php.ini directives. If you do have the code you posted added to your installation I would be amazed if you could even log in - let alone not get logged out! As you state, and as I stated in my original reply, there may be the need to have the ini file in other directories - I was wondering whether users logging in on the front end would have a similar problem. Anyway - in looking through the information you supplied, it is definitely not necessary to do the core hacks to any of the four administrator php files you detail. If you try the solution I have posted without the core hacks you will find that your sessions work properly. Admittedly I have not found any other session or suexec related problems as yet, but if and when I do I will still be trying to correct these by adjusting php / server settings rather than hacking core code. HTH. PS. I'm looking forward to the day we get to set variables such as these within configuration.php rather than having dig through server logs and forum posts!

Author:	vikings [ Wed Aug 16, 2006 8:36 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
I am truly finding it hard to understand what you are trying accomplish here. I created this post to help those that do not understand the complexities usually offered here. I retried using my directions and it works fine. If you see other posts regarding thses issues you will also see that many have done as you have stated as and as I have and were still getting kicked from admin regardless what the config file offered. It was after many searches that i found the solutions, all of the above fixes were taken from here in these forums It was the only way I could keep myself from being kicked out and still have php directives. All i did was merely grab them all and placed them in one posting so others did not need to search countless postings to find a solution. As i stated before if you had a fix that worked for you then I am glad for you, but please consider that others were not getting help with just that. Are you sure you are not getting logged out after a while? Here is my php ini file Code: [PHP] ini_set ('safe_mode', '0'); php_value session.save_path ("/home/mydir/public_html/tmp"); session.cookie_path = RewriteCond %{HTTP_HOST} ^www.******[NC] RewriteRule ^(.) http://*****/$1 [L,R=301] allow_url_fopen = OFF php_value register_globals off disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open Options Includes ExecCGI FollowSymLinks MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !\.(jpg\|jpeg\|gif\|png\|css\|js\|pl\|txt)$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.) index.php Now I am able to use mod rewrite, sessions saved and deleted on exit, every component working properly No getting logged out, and no warnings saying you must be logged in to .. None of this would work if I didnt do the above hacks. Now please try and realize what may work for you doesnt work for the next person, I find it disheartening that I offer help here and then to be told by non mods that its not necessary. have a good day

Joomla! http://forum.joomla.org/

phpsuex-login loop-session directory admin lgging out fix http://forum.joomla.org/viewtopic.php?f=32&t=81056	Page 1 of 1

Author:	basic612 [ Sat Aug 19, 2006 5:11 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Hi - sorry I have been AFK for a while. Looking at your php.ini file as posted you have quite a few incorrect entries in there. AFAIK the following would have exactly the same effect on your setup (as the incorrect entries would be causing the config to be ignored by php cgi at any rate - check your server error log files). Code: allow_url_fopen = OFF register_globals = OFF disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open session.save_path = /home/mydir/public_html/tmp safe_mode = OFF I'm not sure why you are disabling safe_mode though - you might want to check the TOS for your hosting provider, as trying to get around safe_mode in a local php.ini in this way could be grounds for them booting you off their server. Most of the other entries you have belong in an .htaccess file. - all the stuff about rewrites. some of them are php functions, and only have effect when they are in a php script - they are not valid in a php.ini. I have adjusted these for inclusion in a php.ini above. Once again I suggest you check the documentation on this. you can check to see what effect your php.ini file is having by putting the a script with the following code in the same directory: Code: <?php phpinfo(); ?> With your current php.ini file I think you will see output from phpinfo. Check to see if some of the settings you have made are in effect. If you then create a new directory and put my version of your php.ini file and the phpinfo script in there, you will get a message telling you that phpinfo has been disabled. If you then remove the phpinfo entry from disable_functions you will see output from phpinfo with settings as detailed in the php.ini file. If you re-read my original post and give it a go (ensuring that there are no typos or omissions, and that you have the required tmp session storage directories in a location that is available to and writable by your web server , ie. /home/your_user/public_html/tmp in your original example) the you should find that your admin sessions work properly. You should be able to fix all of these session related issues without having to hack any Joomla code. Trust me on this - hacking the core / deviating from the standard code-base may seem like a quick and easy way to get around problems you are facing with the application, but it is only going to make your set-up harder to upgrade / maintain and more likely to break in the future. HTH

Author:	vikings [ Sat Aug 19, 2006 1:38 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Listen up bud, I searched you other posts by username, and it seems you have in the past actually rewrote and hacked the core code. Now please stop , I do not understand your need to argue with me, my server and config differs from yours and what I have in place has actually been suggested here on the forums in different postings, maybe you should run a search. My htaccess files will not work; for the last time, for we are running php as cgi, therefore my need for the ini files. Until I hear from a moderator and or coder as to this validity then I will disregard your postings as nothing more than someone who has a distinct need to argue with someone becuase they have personal issues. What is your problem? Do you think everyone has the same issues and server config as your self? Are you even on a shared host? Are you running phpsuexe>? Do you have the same php ini overwrites as myself? Let it go bud, for I was trying to help here, this works absolutely perfect for me, I have no errors, so please let it go, for I feel no more need to post here in the forums with help and or otherwise because of trollers such as yourself.

Author:	infograf768 [ Sat Aug 19, 2006 2:13 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Cool, please ! This thread is becoming tense. Would not like to have to lock it. $:-\$

Author:	infograf768 [ Sat Aug 19, 2006 2:19 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
BTW: as far as I know basic612 is quite right concerning the format of a php.ini file. Vikings, it looks you are mixing up htaccess directives and php.ini strings.

Author:	vikings [ Sat Aug 19, 2006 2:28 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
then how is it that I am actually having no problems and everything works fine with no errors and If I do any less i get problems? And thank you for your input.

Author:	basic612 [ Sun Aug 20, 2006 1:29 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Vikings - some of the mods you are doing (the core hacks) are masking the problem / working around it, which is one way to fix the problem, and which is why you are not noticing the errors in the php.ini file. I believe that your core hacks will work without needing any information at all in the php.ini file. With regards to your .htaccess entries being in the php.ini - when suexec is enabled the only thing you can not put in an .htaccess file are php configuration directives. All of your apache module related settings - such as mod_rewrite and mod_auth directives still belong in your .htaccess file. you can read more of this if you do a google search, eg: http://www.google.com/search?q=.htacces ... +phpsuexec As you state, I have (and continue to in cases where there is no cleaner solution) hacked core code in the past. But I have also learnt from having to maintain such hacks on various client sites, and not just in Joomla CMS, that this has caused me more and more headaches with maintenance and updates. I do as little core hacking as possible nowadays, and am working to bring my various sites back in line with the standard code base wherever possible. In this case I am running four separate sites using Joomla 1.1.10 in a new shared host / suexec environment (I also happen to be the server admin) and came across this problem - the server is running cpanel / whm and I have complied apache with PHP suEXEC. I was having admin session lock-out problems, and as I stated in my first post your original message pointed me in the right direction, and allowed me to fix the problem with one simple php.ini addition to the administrator directory: Code: session.save_path="/home/youruser/tmp/httpd/session" (I actually made a typo in my original post / attempts - I have removed the erroneous ; in this one, although having a semi-colon in the php.ini did not seem to break anything) I am guessing that the reason you have had problems with the php.ini solution in the past (and have therefore had to go with the core hacks) is because the config in your php.ini had other errors in it, such as the .htaccess inclusions - which meant that it not being loaded by the server. I am most definitely not a troll, and I did not believe that I was having an argument - I thought that I was trying to help you / the community (and myself) have a better understanding of the issues faced when hosting Joomla 1.1.10 in a phpsuexec scenario. One thing you could try to do before you have another volley at me is install a fresh copy of Joomla 1.1.10 in a new directory on your server, and try the suggestion I have made and see if that works for you. When you do it be sure to have a look at the output from phpinfo and check that the config has taken effect, and that the directory you are specifying for session files is reachable and writeable by your web process. If you have any problems with getting it working then feel free to post and I or some other community member might be able to help you track down the issue. If you choose to look into this further, great! If you are happy that what you have works for you and don't want to look in to it futher then that is great too. If you do look into it further and have some questions then please post them and I or some other community member will no doubt find the time to answer them. note - last para edited, same general meaning with less late night ranting on my part

Author:	dhuelsmann [ Sun Aug 20, 2006 3:06 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Keep on point and keep it courteous on both sides. The mods are watching this thread closely. Regards Dave

Author:	Alex53 [ Tue Aug 29, 2006 7:12 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Not wanting to add fuel to any arguments, just simply to seek a solution to my problem I have tried to solve the admin logout problem using php.ini with just; session.save_path=/vhost/blah blah etc/www/tmp Created that tmp folder, and checked phpinfo. The value had changed from / to /tmp which I took to have solved the problem, but alas, it still happens. I copied the same php.ini file to the /administrator folder and to /administrator/components/com_admin just in case, still no luck. Any ideas before I am tempted into the dark side of core hacks? EDIT: Oh well, I gave the hacks a go, solved the problem. I am afraid at least in some cases on some servers there is more to it than a simple php.ini file.

Author:	basic612 [ Tue Aug 29, 2006 11:29 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Hi, In your php.ini do you have any spaces in the session save path? if so you will need to enclose the path in "" anyway, I don't thing that that's the problem here. From your question, in this example I am assuming that your joomla installation is in this location: /vhost/blahblah/www/ if you create a php.ini file located at: /vhost/blahblah/www/administrator/php.ini Code: session.save_path=/vhost/blahblah/www/tmp make sure you create the directory: /vhost/blahblah/www/tmp then create the file: /vhost/blahblah/www/administrator/info.php with the contents: Code: <?php phpinfo(); ?> now if you navigate to: http://yoursite.com/administrator/info.php you should see php information showing the changes you have set. Specifically make sure that you see the proper location of your php.ini file shown here: Configuration File (php.ini) Path also check if your session.save_path is shown correctly in phpinfo. If it is then you should see the same values shown in the Joomla administrator "system Information" section. Note that in this seciton you have to places to look - "System Info" which will show you information as Joomla sees it, and "PHP Info" which should show you the same output as per the info.php file you have made earlier. Anyway - if the session.save_path is shown correctly as per your override settings, then you should be able to get sessions to work properly. Any issues you have from here on in will likely be due to directory permissions or open_basedir issues. BTW - I would advise against putting your session save path under the web root if at all possbile - otherwise you're one step away from revealing the inner workings of your site to unscrupulous visitors - what happens if you go to this URL? http://yoursite.com/tmp/ If you're dealing with a default Cpanel setup I would guess it is showing a directory containing your session files... If you absolutely have to put the tmp directory under your web root, then you should protect the directory with a blank index.htm file and some .htaccess goodness. Also note you can check whether your php.ini override is working even with the core hacks in place that you have done - if your php.ini is working then you should see any changes you make in that file reflected in info.php or in the Joomal "PHP Info" section. HTH

Author:	basic612 [ Tue Aug 29, 2006 11:34 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
BTW - I just thought - is /vhost/blahblah/www your actual web root? or is it a symbolic link? Not sure if it is a symbolic link that may be causing you problems with your PHP paths... but I think I am likely barking up the wrong tree here. On my cpanel server I have symbolic link fow www like this: [/home/blahblah]# ls -l total 9924 drwxr-xr-x 9 blahblah blahblah 4096 Aug 29 20:40 ./ drwx--x--x 29 root root 4096 Aug 29 19:27 ../ -rw------- 1 blahblah blahblah 387 Aug 29 20:36 .bash_history -rw-r--r-- 1 blahblah blahblah 304 Aug 29 19:27 .bash_logout -rw-r--r-- 1 blahblah blahblah 191 Aug 29 19:27 .bash_profile -rw-r--r-- 1 blahblah blahblah 124 Aug 29 19:27 .bashrc -rw------- 1 blahblah blahblah 16 Aug 29 20:19 .contactemail -rw-r--r-- 1 blahblah blahblah 10 Aug 29 20:19 .contactsavetime drwx------ 2 blahblah blahblah 4096 Aug 29 20:52 .cpanel-datastore/ -rw-r--r-- 1 blahblah blahblah 383 Aug 29 19:27 .emacs drwxr-xr-x 2 blahblah blahblah 4096 Aug 29 20:48 etc/ drwxr-xr-x 2 blahblah blahblah 4096 Aug 29 19:28 .fantasticodata/ -rw------- 1 blahblah blahblah 15 Aug 29 20:40 .lastlogin drwxr-x--- 5 blahblah mail 4096 Aug 29 19:27 mail/ drwxr-xr-x 3 blahblah blahblah 4096 Aug 8 01:29 public_ftp/ drwxr-x--- 11 blahblah nobody 4096 Aug 29 20:56 public_html/ drwxr-xr-x 7 blahblah blahblah 4096 Aug 29 20:17 tmp/ -rw------- 1 blahblah blahblah 789 Aug 29 20:20 .viminfo lrwxrwxrwx 1 blahblah blahblah 11 Aug 29 19:27 www -> public_html/

Page 1 of 1	All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/

Author:	Alex53 [ Tue Aug 29, 2006 11:36 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Nope, no spaces in the path and its not a symbolic link. As I said, the path in phpinfo does change accordingly, but without the hacks I still get logged out. On the other note, directory listings are denied on the server, and each session file has tougher permissions than the temp directory, so visitors cant see anything, they just get 'forbidden'.

Author:	basic612 [ Tue Aug 29, 2006 11:42 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
ok - tmp directory protection is good. Quote: I have tried to solve the admin logout problem using php.ini with just; session.save_path=/vhost/blah blah etc/www/tmp Created that tmp folder, and checked phpinfo. The value had changed from / to /tmp which I took to have solved the problem, but alas, it still happens. this is strange, you say that the value has changed from / to /tmp, which is not what should be happening. Are you sure that the session.save_path was / before you made the php.ini changes? what does phpinfo say about the location of your php.ini file? if the settings you have made were taking effect, I would expect the value for session.save_path to change from whatever it was to: /vhost/blah blah etc/www/tmp

Author:	Alex53 [ Tue Aug 29, 2006 11:48 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Hmm yeah I thought so too. But it definitely was / and it definitely changed only to /tmp even though I put the full path (blah blah was just an example of course, its longer and without any spaces)

Author:	basic612 [ Tue Aug 29, 2006 11:56 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
is it possible that your web host administrators changed the path in their config coincidentally to you making your changes? what does phpinfo say for this: Configuration File (php.ini) Path

Author:	Alex53 [ Tue Aug 29, 2006 12:05 pm ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
Thats quite far fetched, especially when the server is hosted in a similar time zone to mine and I made the php.ini file at 3am. Anyway, I will give this a rest, the hacks suit me fine. If it was my server I'd get to the bottom of it, but on a hosted site, its not worth the trouble.

Author:	basic612 [ Wed Aug 30, 2006 12:31 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
I probably should have thought about this possiblity sooner, but Alex53's problems with getting the php.ini settings to take hold appear to be due to the fact that the host server in question is not running PHPsuexec after all. If you are unsure of whether you are running in a PHPsuexec environment, looking at this post might help: http://forum.joomla.org/index.php/topic ... #msg455966

Author:	Alex53 [ Wed Aug 30, 2006 6:07 am ]
Post subject:	Re: phpsuex-login loop-session directory admin lgging out fix
As above The path changed properly using an .htaccess file.