make file readable by other users

Alaa Gamal asked:

i was trying to make one sessions for my all subdomains (one session across subdomains)

subdomain number one

session_set_cookie_params(0, '/', '');
echo session_id().'<br />';
$_SESSION['stop']='stopsss this';

subdomain number two

session_set_cookie_params(0, '/', '');
echo session_id().'<br />';

Now when i visit

i get this result

Array ( [stop] => stopsss this ) 

And when i visit

i get this result

Array () 

session id is same!

but session is empty

after two days of failed trys, finally i detected the problem

the problem is in file promissions

the file is not readable by the another user

session file on my server

-rw-------  1 auth auth 25 Jul 11 11:07 sess_06pqdthgi49oq7jnlvuvsr95q1

when i make this command on the server

chmod 777 sess_06pqdthgi49oq7jnlvuvsr95q1

i get the problem fixed!! the file is became readable by (

So, how to fix this problem? How to set the default promissions on session files?

this is the promissions of the sessions directory

Access: (0777/drwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)

My answer:

Your PHP session files must be readable by PHP/the web server, not necessarily by all users (this is a security risk).

To fix this issue, check what user your PHP (or apache with mod_php) is running as, and set the file ownership to that user for all of the session files (and the directory containing them, usually /var/lib/php/session or something similar).

chown -R /var/lib/php/session

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.