Is there any way to determine the *actual* session save path?
I know there are half a dozen ways to get the value of the session.save_path directive ( phpinfo() , session_save_path() , etc.), but when the value is an empty string, as it is by default, the actual path can be any of several locations. I’ve read that it’s usually /tmp , except when it’s /var/lib/php5 , but on OS X Mountain Lion it’s definitely /private/var/tmp . On Windows, it’s probably C:\Windows\Temp , but who knows. I could specify the location, but that won’t really help me. I’m trying to diagnose a tricky problem and I would like to know what the current location is on a server that I don’t have full access to. If there’s a right way to do it, I haven’t been able to find it. I’m open to clever hacks.
I’d assume PHP would use the temp folder when the save_path is blank. You could try using sys_get_temp_dir() .
That’s a theory I hadn’t considered, but unfortunately it’s wrong. When I run php -r ‘echo sys_get_temp_dir();’ from the command line (OS X 10.8.4), I get /var/folders/_k/. .
Actually, your test is wrong. Temp folders can vary per-user. If I run that from the command line in OSX I get a similar path, but that’s irrelevant because the server doesn’t run under my user account. Printing sys_get_temp_dir() from a test page that goes through Apache gives me /var/tmp , which does contains the session file.
@PeterGeer You’re right. My bad, Rocket Hazmat. I wrote a quick script to list the contents of the temp folder on the server and it’s full of PHP session files.
session_save_path
session_save_path() returns the path of the current directory used to save session data.
Parameters
Session data path. If specified and not null , the path to which data is saved will be changed. session_save_path() needs to be called before session_start() for that purpose.
Note:
On some operating systems, you may want to specify a path on a filesystem that handles lots of small files efficiently. For example, on Linux, reiserfs may provide better performance than ext2fs.
Return Values
Returns the path of the current directory used for data storage, or false on failure.
Changelog
See Also
User Contributed Notes 5 notes
I made a folder next to the public html folder and placed these lines at the very first point in index.php
Location of session folder:
What I placed in index.php at line 0:
ini_set ( ‘session.save_path’ , realpath ( dirname ( $_SERVER [ ‘DOCUMENT_ROOT’ ]) . ‘/../session’ ));
session_start ();
This is the only solution that worked for me . Hope this helps someone .
Debian does not use the default garbage collector for sessions. Instead, it sets session.gc_probability to zero and it runs a cron job to clean up old session data in the default directory.
As a result, if your site sets a custom location with session_save_path() you also need to set a value for session.gc_probability, e.g.:
session_save_path ( ‘/home/example.com/sessions’ );
ini_set ( ‘session.gc_probability’ , 1 );
?>
Otherwise, old files in ‘/home/example.com/sessions’ will never get removed!
Session on clustered web servers !
We had problem in PHP session handling with 2 web server cluster. Problem was one servers session data was not available in other server.
So I made a simple configuration in both server php.ini file. Changed session.save_path default value to shared folder on both servers (/mnt/session/).
If session.save_handler is set to files, on systems that have maximum path length limitations, when the session data file’s path is too long, php may get you an error like «No such file or directory» and fails to start session, although the session-saving folder really exists on the disk.
1. Keep the session-saving folder’s absolute path not too long
2. If you’re with PHP 7.1+, don’t set session.sid_length to a number too great, such as 255
I once got stuck with this problem on Windows and wasted hours to solve it.
ini_set ( ‘session.save_path’ , realpath ( dirname ( $_SERVER [ ‘DOCUMENT_ROOT’ ]) . ‘/tmp’ ));
ini_set ( ‘session.gc_probability’ , 1 );
session_start ();
?>
(for using above code create a tmp folder/directory in your directory)
- Session Functions
- session_abort
- session_cache_expire
- session_cache_limiter
- session_commit
- session_create_id
- session_decode
- session_destroy
- session_encode
- session_gc
- session_get_cookie_params
- session_id
- session_module_name
- session_name
- session_regenerate_id
- session_register_shutdown
- session_reset
- session_save_path
- session_set_cookie_params
- session_set_save_handler
- session_start
- session_status
- session_unset
- session_write_close
How to get a particular session path in php?
I want to save a particular session as a path. So if I delete it from MySQL database, the session would be deleted too. Is this possible? Thank you.
It looks like you have a misconception. Passing a parameter to session_save_path changes the path. You should read the manual for session_save_path at php.net/manual/en/function.session-save-path.php which says If specified, the path to which data is saved will be changed. session_save_path() needs to be called before session_start() for that purpose.
AFAIK there are no seperate folders for different session variables. All session related files will go to session_save_path .
Ok, but what I want is to keep session path in MySQL database when user logs in. I will update my question to make it clear.
To have complete control of user session data then you can store all the session data in a database. an example of code to do this: Codeproject.com/Articles/Session-Storage-in-a-MySQL-Database
1 Answer 1
Ok, so this is what I did. Please check if this code is correct and will be able to insert $_SESSION[’email’] to db as a path.
function __construct() < // instance of new Database object $this->mysqli = CDatabase::init(); //check this // set handler to overide SESSION @session_set_save_handler( array($this, "openSession"), array($this, "closeSession"), array($this, "readSession"), array($this, "writeSession"), array($this, "destroySession"), array($this, "gcSession") ); // start the session session_start(); > public function openSession( // if database connection exists if($this->_db) < return true; >return false; > public function closeSession() < // if database connection is closed if($this->mysqli->close()) < @session_write_close(); return true; >return false; > $email = $_SESSION['email']; public function readSession($email) < $result = $this->mysqli->select( "SELECT session_data FROM sessions WHERE session_id = :session_id", array(":session_id"=>$email) ); return isset($result[0]) ? $result[0] : ""; > public function writeSession($email) < $result = $this->mysqli->insert( "INSERT INTO table VALUES (session_id = :session_id)", array(":session_id"=>$email) ); if(isset($result[0]))< $result = $this->mysqli->update( "sessions", array( "expires_at"=>time()+$this->getTimeout(), "session_data"=>$data ), "session_id = :session_id", array(":session_id"=>$id) ); >else< $result = $this->_db->insert( "sessions", array( "session_id"=>$email, "expires_at"=>time()+$this->getTimeout() ) ); > return true; > public function destroySession($email) < return $this->_db->delete( "sessions", "session_id = :session_id", array(":session_id"=>$email) ); > public function gcSession($maxLifetime) < return $this->_db->delete( "sessions", "expires_at < :expires_at", array(":expires_at"=>time()) ); > ?>Location for session files in Apache/PHP
@prodigitalson Hostinger’s session.save_path by default points to a 1440 folder that doesn’t exist, so I just changed it to a path with write permission and now session handling works ok.
8 Answers 8
The default session.save_path is set to «» which will evaluate to your system’s temp directory. See this comment at https://bugs.php.net/bug.php?id=26757 stating:
The new default for save_path in upcoming releaess (sic) will be the empty string, which causes the temporary directory to be probed.
To find the current session save path, you can use
Refer to this answer to find out what the temp path is when this function returns an empty string.
The location is set and not ‘default’ under Ubuntu 10.10. A clean build of PHP may give you this, but not under any Debian/Ubuntu builds I have used. The orig question pertains to Ubuntu 10.10. So, just look it up on command line per last comment (or my answer) as location can differ from ‘default’/blank/tmp depending on Linux distribution used..
Warning!! I think running php -r ‘echo session_save_path(), «\n»;’ as mentioned above will use a different php.ini file (perhaps /etc/php/7.0/cli/php.ini instead of /etc/php/7.0/apache2/php.ini), and therefore might have a different value of «session.save_path»
@Magmatic is correct, there are TWO php.ini files, php_info() will tell you which one is in use during the current eval, and locate php.ini will help you find them
Please note (as per last 2 comments): Using the CLI PHP version (command line) can produce different results depending on distro and compile. The main thing is it is NOT the Apache version. (Though the INI files may be identical as far as session paths). Better to look in/grep proper Apache PHP.INI.
First check the value of session.save_path using ini_get(‘session.save_path’) or phpinfo() . If that is non-empty, then it will show where the session files are saved. In many scenarios it is empty by default, in which case read on:
On Ubuntu or Debian machines, if session.save_path is not set, then session files are saved in /var/lib/php5 .
On RHEL and CentOS systems, if session.save_path is not set, session files will be saved in /var/lib/php/session
I think that if you compile PHP from source, then when session.save_path is not set, session files will be saved in /tmp (I have not tested this myself though).
I’m using Ubuntu 12.04.5 LTS and, for some reason (I have not changed anything in php.ini ) my sessions are under /var/lib/php5/sessions
«Not set»? It is set — but commented out in php.ini. This does not mean it doesn’t have a value or isn’t ‘set’.. From command line just do: php -i | grep session.save_path for CLI (and probably Apache) session save path. Also, a given php.ini will normally show the ‘default’ path — it’s just commented out.
And yes: if nothing compiled in as default path (not the case with most distributions), a blank will be used (compile default). Which would then use the system temp area (normally /tmp ) as its fallback/default value. Please refer to php.net/manual/en/…
DEFAULT Ubuntu 16.04 : /etc/php/7.0/*/php.ini -> ;session.save_path = «/var/lib/php/sessions» — A comment doesn’t mean ‘not set’ is all I meant. It is set obviously to something other than ‘blank’ (/tmp).. and is NOT an empty/null string
If unsure of compiled default for session.save_path , look at the pertinent php.ini .
Normally, this will show the commented out default value.Ubuntu/Debian old/new php.ini locations:
Older php5 with Apache: /etc/php5/apache2/php.ini
Older php5 with NGINX+FPM: /etc/php5/fpm/php.ini
Ubuntu 16+ with Apache: /etc/php/*/apache2/php.ini *
Ubuntu 16+ with NGINX+FPM — /etc/php/*/fpm/php.ini ** /*/ = the current PHP version(s) installed on system.
To show the PHP version in use under Apache:
Since PHP 7.3 is the version running for this example, you would use that for the php.ini :
$ grep «session.save_path» /etc/php/7.3/apache2/php.ini
$ APACHEPHPVER=$(a2query -m | grep «php» | grep -Eo «4+\.3+») \ && grep «;session.save_path» /etc/php/$/apache2/php.ini
Or, use PHP itself to grab the value using the «cli» environment (see NOTE below):
$ php -r 'echo session_save_path() . "\n";' /var/lib/php/sessions $php -i | grep session.save_path php -r 'echo phpinfo();' | grep session.save_pathThe ‘cli’ (command line) version of php.ini normally has the same default values as the Apache2/FPM versions (at least as far as the session.save_path ). You could also use a similar command to echo the web server’s current PHP module settings to a webpage and use wget/curl to grab the info. There are many posts regarding phpinfo() use in this regard. But, it is quicker to just use the PHP interface or grep for it in the correct php.ini to show it’s default value.
EDIT: Per @aesede comment -> Added php -i . Thanks