i have a problem with PHP7 in CentoOS (WHM/CPANEL) and Prestashop 1.7
the system gives me this messagges:
Notice on line 429 in file /home/onywf3fr9a/public_html/app/cache/dev/classes.php
[8] SessionHandler::gc(): ps_files_cleanup_dir: opendir(/var/cpanel/php/sessions/ea-php70) failed: Permission denied (13)
6
Answers
For fixing the
«Notice: SessionHandler::gc(): ps_files_cleanup_dir: opendir("/var/cpanel/php/sessions/ea-php70") failed: Permission denied"
I recommend to grant the write access rights for this particular folder (/var/cpanel/php/sessions/ea-php70) to the operating system account you use for the PHP interpreter.
Disabling the PHP’s session garbage collector with the session.gc_probability=0 PHP setting is not a good solution, because you will have a lot of orphaned session files in the session folder, and it will waste the disk space and slow down your server.
I have the same issue, I changed the
session.save_path
to “/tmp” in my php.iniThis error occurs, because you need folder permission to store your session files in the session folder.
This error is common for all popular frameworks. Solution is
1. Give permission to the session folder as showing to store files OR
2. create a local session folder in your project and rewrite the session files storing path in your project.
I cleared cache and problem has been solved 🙂
Background
This error occurs when PHP tries to garbage collect expired sessions, but the directory containing the session files is not listable (missing the
r
access bit) by the user PHP runs as.This is usually a security measure against PHP session hijacking. E.g. Debian sets the permissions for the session directory to
drwx-wx-wt
. These permissions allow anyone to create sessions and the user who created the session may read it again if they knows the file name (session id), but only root can get a list of all active sessions.Distributions with this configuration normally also set up a cronjob or timer that regularly cleans up the sessions and disable the native garbage collection in php.ini:
session.gc_probability = 0
.Possible Causes
php.ini
and changedsession.gc_probability
to a value other than0
.ini_set()
to modifysession.gc_probability
at runtime. Some PHP frameworks are prone to this. E.g. Symfony always setssession.gc_probability
to1
if not configured otherwise.Solutions
Change
session.gc_probability
in php.ini to0
after verifying that your installation uses a cronjob/timer for session cleanup./usr/local/cpanel/scripts/clean_user_php_sessions
to remove expired sessions, so all CPanel installations use a cronjob.phpsessionclean.timer
for session cleanup.Prevent the web application from overriding
session.gc_probability
. For Symfony based applications this can be done by modifyingconfig/packages/framework.yaml
:If your system really uses the native session garbage collection instead of a cronjob or timer, change the permissions of the session folder to allow listing for the user running PHP:
Security notice: Changing the permissions allows any PHP script to enumerate all active session ids and potentially access all sessions. Only do this if you are sure the solutions above aren’t applicable!
(Potentially dangerous) Change
session.save_path
to/tmp
or a similar directory that PHP can access for reading and writing.Security notice: Changing the session save path to a world-readable directory allows any program and any PHP script to enumerate all active session ids and potentially access all sessions. Only do this if you are sure the solutions above aren’t applicable!
While this is not exactly elegant, I have found a solution that works for me at least. I noticed if I simply wait a second and refresh the page, I get though. I get this error when I am testing and going back and forth pages quickly.
While this creates a slight delay, and it doesn’t create an infinite loop, it seems to give the server to catch up on things.