PHP Sessions at SCCC HOWTO

This document is step-by-step instructions on how to get sessions working in php scripts at SCCC.

If you want an explaination rather than a set of instructions, go to: http://seattlecentral.edu/~dmartin/docs/php-cgiwrap.html

A demonstration can be found here: http://www.seattlecentral.edu/~dmartin/test.php

The source code from my demo can be found here: http://www.seattlecentral.edu/~dmartin/test.phps

To use PHP scripts that have session features, you need to do four things.

Create a directory on the server to hold session information
Set Permissions on that directory
Figure out the path to that directory
Tell php to use that directory

Create Session Directory

At SCCC we don't allow shell access, so you have to use FTP. The specifics of how you create a directory are different with different FTP clients, so I'll just talk about the command line ftp client that comes with windows XP. Most fancier GUI FTP clients have similer notions of what does what, so even if you don't use command line ftp, this information should be helpful.

I assume you already know how to connect to a web server and do basic FTP commands.

Connect to the web server and create the directory. It can have any name, but I'm going to use 'php-sessions' as my example. You don't want to create the directory inside your /htdocs directory because you don't want to let people browse your sessions.

Log in with ftp
Make sure you're in your home directory (cd /)
Make the directory (mkdir php-sessions)

Set Permissions on the Session Directory

This is an area where the difference between FTP clients is dramatic. If you're using a GUI FTP client, search around for something called 'chmod' or 'file permissions' in your ftp client's pulldown menus.

In Unix/Linux (the web server is Linux) file permissons understand the concepts of three different kinds of users: The User (you), the Group (everyone in your group) and Other (everyone else on the system). You want to make sure that Other and Group have no permissions at all for your new directory.

The Windows command line FTP client doesn't have a chmod feature, so we have to use raw FTP commands to do what we want. To make sure user and group have no permissions on php-sessions, I would run the following command:

ftp> dir
drwxr-xr-x  76 dmartin dmartin      4096 Jul  6 14:57 .
drwxr-xr-x   9 root    root         4096 Jul  6 10:19 ..
drwxr-xr-x   1 dmartin dmartin      4096 Jun 21 21:22 htdocs
drwxr-xr-x   1 dmartin dmartin      4096 Jul  6 15:28 php-sessions
ftp> literal site chmod og-rwx php-sessions  
OK
ftp> dir 
drwxr-xr-x  76 dmartin dmartin      4096 Jul  6 14:57 .
drwxr-xr-x   9 root    root         4096 Jul  6 10:19 ..
drwxr-xr-x   1 dmartin dmartin      4096 Jun 21 21:22 htdocs
drwx------   1 dmartin dmartin      4096 Jul  6 15:28 php-sessions

Notice all the "r"s and "x"s that turned into "-"s. That is what you want to see.

Figure Out the Path to your PHP Sessions Directory

At SCCC an FTP client operates in a chroot jail, which means it hides most of the filesystem from you so you see '/' as your home directory. Because PHP does not operate in a chroot jail, you need to add your home directory name to the path from your ftp client when you specify a filename in PHP.

Here's how you figure out what your home directory is. Take the directory part of your URL and stick /home/webusers in front of it. For instance, if your URL is http://www.seattlecentral.edu/foo, then your home directory is /home/webusers/foo. If your URL is http://www.seattlecentral.edu/faculty/foo, then your home directory is /home/webusers/faculty/foo.

Now that you know your home directory, you can figure out the filename that you need to use in your PHP script. For my http://www.seattlecentral.edu/foo example, if that user created /php-sessions in their ftp client, they'd have to use /home/webusers/foo/php-sessions in their php script. For http://www.seattlecentral.edu/faculty/foo the path to the php-sessions directory would be /home/webusers/faculty/foo/php-sessions.

Telling php to use that directory

In a nutshell, you can tell php what directory to use for sessions by setting the session.save_path configuration option. You can do that with:

ini_set('session.save_path','path-to-php-session-dir');

BEFORE session_start().

So for the user with the URL http://www.seattlecentral.edu/foo , they'd put

ini_set('session.save_path','/home/webusers/foo/php-sessions');

before session_start().

A Warning to Users in Transition from the Old System

Under the old system, your php scripts run as the user 'www', in the new system, they run as your userid. If a script running as your userid tries to write session information to www's directory it will fail, and if a script running as 'www' tries to write session information to your php session directory, that will fail. Obviously, you don't want to write a script that will work on the new system when you're still on the old system, but then you don't want your script to break when you're switched to the new system.

The simple solution is to make the script check who it's running as and set session.save_path accordingly. This code snippet should do that.:

<?php if (rtrim(whoami`) == 'yourname) { ini_set('session.save_path','path-to-php-session-dir'); } ?> # Notice those are backticks around whoami, not single quotes. # `whoami` NOT 'whoami'

In the snippet above, yourname is your username, and path-to-php-session-dir is the path to your php session directory as discussed above.

Advice

Don't put a '@' in front of start_session(). If you're having problems with sessions, you want to know about it.

Updated Wed May 13 07:12:01 PDT 2009

Dylan's Main Page