[solved] Sessions don't work

[04nunhucks]

Hello, I'm having issues with Sessions.

My current setup is Litespeed on a cPanel server, Apache is not active.

Basically, when someone tries to login, the PHP form authenticates them, and then the person ends up in a redirection loop, between logged in and out states.

I can only stop the loop by deleting the relevant session file from the /tmp directory, which has permission 0600.

The system works as intended with Apache.

Any ideas?

 

[NiteWave]

this looks interesting - delete a session file and resolve the issue.

redirection loop - it may be an rewrite rule issue. can you enable the rewrite log level to 9 and see what the loop is.

 

[04nunhucks]

this looks interesting - delete a session file and resolve the issue.

redirection loop - it may be an rewrite rule issue. can you enable the rewrite log level to 9 and see what the loop is.

How do I enable the rewrite log level?

This is in the log:

2010-12-02 22:18:21.804 NOTICE [92.17.210.235:57887-1#APVH_rs.net] [STDERR] PHP Warning: Unknown: open(/home/rsweb/tmp/sessions/sess_96462014ed0ae341f8c9dce8283e0b97, O_RDWR) failed: Permission denied (13) in Unknown on line 0
2010-12-02 22:18:21.804 NOTICE [92.17.210.235:57887-1#APVH_rs.net] [STDERR] PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/home/rsweb/tmp/sessions) in Unknown on line 0

The session file permissions keeps getting reset to 0600

 

[NiteWave]

good log info. can you try:
#chmod -R 777 /home/rsweb/tmp/sessions

 

[04nunhucks]

good log info. can you try:
#chmod -R 777 /home/rsweb/tmp/sessions

Tried, still looping, nothing in log. The session file has permission: 0600

 

[NiteWave]

ok.let's gather more detail info first:
#ls -ald /home/rsweb/tmp/sessions/sess_96462014ed0ae341f8c9dce8283e0b97
#ls -ald /home/rsweb
#ls -ald /home/rsweb/tmp
#ls -ald /home/rsweb/tmp/sessions

 

[04nunhucks]

ok.let's gather more detail info first:
#ls -ald /home/rsweb/tmp/sessions/sess_96462014ed0ae341f8c9dce8283e0b97
#ls -ald /home/rsweb
#ls -ald /home/rsweb/tmp
#ls -ald /home/rsweb/tmp/sessions

[root@core ~]#ls -ald /home/rsweb/tmp/sessions/sess_9915c051a0956ce80f14800f30950244
-rw------- 1 nobody nobody 0 Dec 2 22:32 /home/rsweb/tmp/sessions/sess_9915c051a0956ce80f14800f30950244

[root@core ~]#ls -ald /home/rsweb
drwx--x--x 11 rsweb rsweb 4096 Dec 2 18:15 /home/rsweb

[root@core ~]#ls -ald /home/rsweb/tmp
drwxr-xr-x 8 rsweb rsweb 4096 Dec 2 20:17 /home/rsweb/tmp

[root@core ~]#ls -ald /home/rsweb/tmp/sessions
drwxrwxrwx 2 root root 4096 Dec 2 22:32 /home/rsweb/tmp/sessions

I created the sessions folder myself. Looks like it retained root permissions :/

[root@core tmp]#chown -R rsweb.rsweb sessions
[root@core tmp]#ls -ald /home/rsweb/tmp/sessions
drwxrwxrwx 2 rsweb rsweb 4096 Dec 2 22:32 /home/rsweb/tmp/sessions

And nope. Although, since I've changed the session.save_path, deleting the session file doesn't stop the redirection.
After removing the session.save_path definition, and allowing it back to /tmp, it seems to be working as normal.