SUEXEC and PHP - a question.

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Ihost
    Junior Member
    • Mar 2004
    • 22

    SUEXEC and PHP - a question.

    I was testing a request for a client, and noticed a problem with this configuration.
    I understand that we can't use php_value flags in the .htaccess file because PHP is running as CGI rather than ISAPI. It is also said that you can use a php.ini file in each of the directories that php scripts use, if you need a different user configuration.

    Our client has a blog site, and keeps getting randomly logged out. It appears that the sessions are timing out. The default set up says that a session should last 24 minutes and there is a 1% chance of garbage collection running for each php pageload. They wanted to experiment with extending the timeout setting.

    I tried putting a php.ini file in my public_html directory and some sub directories, and it broke the site. Several database errors. Even when all of the content was removed from the php.ini file, the site still had errors. Deleting the php.ini file fixed the problem (on my site).

    I have read reports of the random session expiry on other hosts and they seemed to be because of PHP 4.3.3 . However on our server I see that we are running PHP 4.3.4, which is supposed to fix that bug.

    Does anyone have any thoughts on either the random session expiry, or why an empty php.ini file would cause errors on a site?
    Kerry Slavin
    Reliable Solution Internet Services
    For the best independent support for webhosts & their customers visit -
    JointSupportForum.Com
  • -Oz-
    Senior Member
    • Mar 2004
    • 545

    #2
    An empty php.ini file would cause issues because it will still use that over the default one, and that means there are no configuration settings, get rid of it completely. No idea for the other issues though.
    Dan Blomberg

    Comment

    • Ihost
      Junior Member
      • Mar 2004
      • 22

      #3
      OK, so if it overrides the system one, then what minimum set of flags need to be set to make it work. Can I just take the default one from a PHP install and use that, modifying the settings required?

      Surely there would be some settings that the system config, would not permit to be changed I would think. Eg. if safe_mode is Off on the server, surely the local php.ini could not set safe_mode to On.

      Does anyone have any links that provides info on what can or can't be done in the user php.ini file?
      Kerry Slavin
      Reliable Solution Internet Services
      For the best independent support for webhosts & their customers visit -
      JointSupportForum.Com

      Comment

      • Thyme
        Junior Member
        • Mar 2004
        • 13

        #4
        I would try the default one and making modifications, but you may be better off getting the system php.ini that Dathorn has on your server and modifying that.
        "I have never made but one prayer to God, a very short one: 'O, Lord, make my enemies ridiculous.' And God granted it." --Voltaire

        Comment

        • Detonator
          Junior Member
          • Mar 2004
          • 10

          #5
          Dathorn's config is not much different from the php.ini-recommended, some ~8 options or so are different.. Just take the output from a phpinfo() on the dathorn-server and check which options are different, takes 5 mins. Then make the necessary changes.

          Comment

          • Josh
            Junior Member
            • Mar 2004
            • 6

            #6
            The server should actually be using the values in the global php.ini unless you override each one in your own php.ini file. So if creating your own php.ini you don't need to specify everything, only things you would like to override. I'm not sure what settings cannot be overridden with your own file.

            Josh

            Comment

            • Ihost
              Junior Member
              • Mar 2004
              • 22

              #7
              Originally posted by Josh
              The server should actually be using the values in the global php.ini unless you override each one in your own php.ini file. So if creating your own php.ini you don't need to specify everything, only things you would like to override. I'm not sure what settings cannot be overridden with your own file.

              Josh
              I'm not sure that is right. If only the items specified overrode the system php.ini file then an empty php.ini file would override nothing and the system ones would default which means that a site should not break with an empty php.ini file in the home directory .... but it does.

              I would therefore think that if a php.ini is found in the user directory then it would need to have most of the settings required. There maye a subset of compulsory settings and if so this is the information that I am seeking.

              Also no-one has yet commented on whether they (or your clients) have reported random session logouts. This information would help in replying to my client.

              So while I can test a default php.ini in my home directory and play with session timeout settings, I fear that there is still something else afoot because the sessions are reported to be closing a lot sooner than the default 24 minutes.
              Kerry Slavin
              Reliable Solution Internet Services
              For the best independent support for webhosts & their customers visit -
              JointSupportForum.Com

              Comment

              • Detonator
                Junior Member
                • Mar 2004
                • 10

                #8
                PHP keeps track of sessions in the /tmp directory by default, one file for each session. The space on /tmp is limited, and there have been occassions on my dathorn-server where /tmp was just full so everything broke down.. Perhaps Andrew now deletes the contents of /tmp every now and then, which effectively kills all PHP sessions as a sideeffect.

                Comment

                • Dan
                  Member
                  • Mar 2004
                  • 99

                  #9
                  Email as well

                  I have seen the same problems with my own install of Squirrelmail too.

                  Also saw posts from others using the CPanel webmail programs before the forums went down so this is something that has been happening for a while now.

                  This all started happening well after PHP Suexec was enabled so I unless changes were made to it approximately 1-1.5 months ago I do not think that php.ini is the culprit.

                  Comment

                  • Josh
                    Junior Member
                    • Mar 2004
                    • 6

                    #10
                    Originally posted by Ihost
                    I'm not sure that is right. If only the items specified overrode the system php.ini file then an empty php.ini file would override nothing and the system ones would default which means that a site should not break with an empty php.ini file in the home directory .... but it does.

                    I would therefore think that if a php.ini is found in the user directory then it would need to have most of the settings required. There maye a subset of compulsory settings and if so this is the information that I am seeking.
                    I have actually used a php.ini file to override one setting such as magic_quotes_gpc = Off or to append a file. Maybe Andrew will come across this thread and comment.

                    Josh

                    Comment

                    • Ihost
                      Junior Member
                      • Mar 2004
                      • 22

                      #11
                      Does anyone know how often /tmp is refreshed. My client is reporting sessions logging out more than a couple of times a day. I explained to them the 24 minute default, which measures lack of activity since last page request, but they still feel the logout is well within that time.

                      I seem to recall that it may be possible to store session data in an alternative location to /tmp. This might help the issue as well. I'm not sure if this is a setting with the custom php.ini file, or something declared within the PHP code itself.

                      Does anyone know? I will check the PHP manual tomorrow morning and see if it gives an answer.
                      Kerry Slavin
                      Reliable Solution Internet Services
                      For the best independent support for webhosts & their customers visit -
                      JointSupportForum.Com

                      Comment

                      • zenfort
                        Member
                        • Mar 2004
                        • 42

                        #12
                        I want to stop the spiders from using session IDs in the URLs.
                        Would this be the correct form for a php.ini file?
                        Code:
                        php_value session.use_trans_sid off
                        php_value session.use_cookies off
                        php_value session.use_only_cookies on
                        It doesn't appear to be working.
                        I've also tried it with php_flag .

                        I'm trying to stop Yahoo Slurp and YahooSeeker from using session IDs is a PostNuke site. [ POSTNUKESID ]
                        Host: 66.196.90.82
                        Url: /modules.php?op=modload&name=News&file=index&catid= &topic=3&POSTNUKESID=a1ffb70988b0c481e9df98de732f3 329
                        Http Code : 403
                        Date: Apr 10 14:28:17
                        Http Version: HTTP/1.0" Size in Bytes: - Referer: - Agent: Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
                        Right now I'm forbidding 403 the spiders in .htaccess.

                        Thanks,
                        zenfort

                        Comment

                        • Buddha
                          Senior Member
                          • Mar 2004
                          • 825

                          #13
                          Try this...
                          Code:
                          session.use_trans_sid=off
                          session.use_cookies=off
                          session.use_only_cookies=on
                          "Whatcha mean I shouldn't be rude to my clients?! If you want polite then there will be a substantial fee increase." - Buddha

                          Comment

                          • zenfort
                            Member
                            • Mar 2004
                            • 42

                            #14
                            Hi, I've tried it with php_flag, php_value and without
                            I tried all of the above with the equals sign and without - none have made a difference in my phpinfo.php information.
                            I also put the php.ini file in every directory that has a php script file to see if it effected the session ID in the URLs and it did not.
                            my phpinfo.php file still reports:
                            session.use_cookies On On
                            session.use_only_cookies Off Off
                            session.use_trans_sid Off Off
                            Oh and the phpinfo file does show the the php.ini file in my public_html- where I have the phpinfo file:
                            Configuration File (php.ini) Path /home/username/public_html/php.ini
                            Are there other variations I should try? Has anyone else used their own php.ini file with a similar revision?


                            I just tried it with (boolean) TRUE and FALSE with the 3 variations "...flag, ...value, & without - same results - no-change.
                            Oh this is on cpanel 09.

                            If you want to see the results of this problem check out this Yahoo search

                            Thanks zenfort

                            Andrew gave me this format that now shows a change in th phpinfo.php file - on cpanel 9 with suexec).
                            Code:
                            session.use_trans_sid = 0
                            session.use_cookies = 0
                            session.use_only_cookies = 1
                            Last edited by zenfort; 04-17-2004, 04:49 PM. Reason: Have code that works on cpanel 9 with suexec)

                            Comment

                            • zenfort
                              Member
                              • Mar 2004
                              • 42

                              #15
                              woohoo

                              OK as I said above:
                              Andrew gave me this format that now shows a change in th phpinfo.php file - on cpanel 9 with suexec).
                              Code:
                              session.use_trans_sid = 0
                              session.use_cookies = 0
                              session.use_only_cookies = 1
                              I have some code to strip the session IDs from Slurp YahooSeeker etc. and tell them it's a permanent change. As I refresh Last Visitors I can see Slurp getting 301 and then imediately coming back for the 200. Most info I got through seaches at http://www.webmasterworld.com/

                              I found another variable in some spider request that I wanted to strip that the search engines don't need (&mode=thread&order=0&thold=0).
                              If anyone can look this over and tell me if their is a cleaner way to write ( less server taxing) Please post.
                              To redirect and correct the spiders:

                              Code:
                              RewriteEngine on
                              RewriteCond %{query_string} !^$
                              RewriteCond %{query_string} ^(.*)&mode=thread&order=0&thold=0&POSTNUKESID=(.*)$ [NC,OR]
                              RewriteCond %{query_string} ^(.*)&POSTNUKESID=(.*)$ [NC,OR]
                              RewriteCond %{query_string} ^(.*)POSTNUKESID=(.*)$ [NC,OR]
                              RewriteCond %{query_string} ^(.*)&mode=thread&order=0&thold=0(.*)$ [NC]
                              RewriteRule ^.*$ %{REQUEST_URI}?%1 [R=301,L]
                              namaste zenfort

                              Comment

                              Working...