I am trying to change default session and cookie path for one of my application which is hosted on a EC2 server, that has multiple websites hosted.
I have tried both PHP and .htaccess method
in PHP file
$currentCookieParams = session_get_cookie_params();
$path = '/session';
$rootDomain = '.example.com';
if($currentCookieParams["path"] != '/session') {
session_set_cookie_params(
$currentCookieParams["lifetime"],
$path,
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
}
in .htaccess
php_flag register_globals off
php_flag magic_quotes_gpc on
php_value session.cookie_path "/var/www/session"
php_value session.cookie_domain ".example.com"
php_value session.save_path "/var/www/session"
It creates session in specific folder but when I refresh the page new session gets created instead of using existing session.
Also, on page refresh all the session parameters reset to default value.
Ideally it should be fetched from existing session.
Should I need to change or make any configuration in Apache or Ubuntu itself? Any module that needs to be installed?
2
Answers
To change the session and cookie path for your application hosted on an EC2 server, you need to make sure you have the proper permissions and configurations set up. Here are some steps you can follow:
1.Check the file permissions: Ensure that the folder where you want to store the session files (/var/www/session in your case) has the correct file permissions. The web server (e.g., Apache) should have read and write permissions on that folder.
2.Configure PHP settings: Update your php.ini file to set the session save path and cookie path. Edit the php.ini file and modify the following lines:
; Set the session save path
session.save_path = "/var/www/session"
; Set the session cookie path
session.cookie_path = "/session"
Save the changes and restart the web server for the new settings to take effect.
3.Verify the session configuration: After making the changes, create a test PHP file to check the session configuration. Add the following code to a PHP file and access it through your web browser:
“;
echo “Session Cookie Path: ” . ini_get(‘session.cookie_path’) . “
“;
?>
This will display the current session and cookie path values. Ensure that they reflect the changes you made.
4.Update the session cookie domain: If your application is accessed through different subdomains (e.g., app.example.com, api.example.com), you may need to update the session cookie domain accordingly. In your PHP configuration, you can set it as follows:
session_set_cookie_params(0, ‘/session’, ‘.example.com’);
This will allow the session cookie to be accessible across multiple subdomains.
5.Restart the web server: After making any changes to the PHP configuration or the .htaccess file, restart the web server to apply the modifications.
With these steps, you should be able to set the desired session and cookie paths for your application. Remember to check for any errors or warnings in the web server’s error logs if you encounter any issues.
If you’re still facing problems, make sure that you have the required PHP extensions installed and that there are no conflicting configurations in other Apache or PHP configuration files.
Good luck!
You appear to have completely misunderstood what
session.cookie_pathis for.This specifies the URL path your session cookie will be considered valid for.
A path of
/means the cookie will be send back from the client to your server for every URL belowhttps://example.com/.And a path of
/foobar/means the cookie will only be send for every URL belowhttps://example.com/foobar/. If you are accessinghttps://example.com/somethingelse/now, that cookie set with this/foobar/path, will not be send back.You set the path to
/var/www/session– but you are not accessing URLs starting withhttps://example.com/var/www/session, are you? Only below that path your session cookie would be valid now.This setting has absolutely nothing whatsoever to do with where the session data files will be stored on the server – that is the
session.save_pathsetting.