From 29857e7d705cd0c6bd4cd4f9fb7616760b4d6c36 Mon Sep 17 00:00:00 2001 From: "Martin N." Date: Mon, 1 Dec 2014 16:45:49 +0100 Subject: [PATCH 1/3] Using a custom session_start_safe This fixes path issues, where the session directory ends up not writeable. --- lib/settings-common.php | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/lib/settings-common.php b/lib/settings-common.php index b81b1a9..d620a96 100644 --- a/lib/settings-common.php +++ b/lib/settings-common.php @@ -15,12 +15,30 @@ $context = stream_context_create(array('http'=> ) )); +// sets up a session, either with the local tmp directory or with the default directory +function session_start_safe() { + // Trying with the local path + session_save_path(dirname(__FILE__).'/../tmp'); + session_start(); + if(!$_SESSION['working']) $_SESSION['working'] = true; + session_write_close(); + unset($_SESSION); + // Let's see if that worked + session_start(); + if($_SESSION['working']) { + unset($_SESSION['working']); + return; // we've got a working session + } else { + // Create a new session with the default path. + session_destroy(); + session_save_path(''); + session_start(); + } +} + // Start a session if we haven't already if(!isset($_SESSION)) { - session_save_path(dirname(__FILE__).'/../tmp'); - // Make the session cookie HTTP only - session_set_cookie_params(0, '/', '', false, true); - @session_start(); + session_start_safe(); } // Set the language file, if now possible From 6861fa9cedb368a7e21e51c73de2382b5c2a4e67 Mon Sep 17 00:00:00 2001 From: Martin Naumann Date: Mon, 1 Dec 2014 19:43:07 +0100 Subject: [PATCH 2/3] Re-adding the session_cookie_params --- lib/settings-common.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/settings-common.php b/lib/settings-common.php index d620a96..5a1b27f 100644 --- a/lib/settings-common.php +++ b/lib/settings-common.php @@ -32,12 +32,14 @@ function session_start_safe() { // Create a new session with the default path. session_destroy(); session_save_path(''); - session_start(); + session_start(); } } // Start a session if we haven't already if(!isset($_SESSION)) { + // Make the session cookie HTTP only + session_set_cookie_params(0, '/', '', false, true); session_start_safe(); } From 4a1ba5dfe3516841763d2c161e0e93ef9c649816 Mon Sep 17 00:00:00 2001 From: Martin Naumann Date: Mon, 1 Dec 2014 19:44:21 +0100 Subject: [PATCH 3/3] Using reworked version from @mattpass --- lib/settings-common.php | 41 ++++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 19 deletions(-) diff --git a/lib/settings-common.php b/lib/settings-common.php index 5a1b27f..2c68bad 100644 --- a/lib/settings-common.php +++ b/lib/settings-common.php @@ -15,30 +15,33 @@ $context = stream_context_create(array('http'=> ) )); -// sets up a session, either with the local tmp directory or with the default directory +// Sets up a session, either with the default dir or local tmp dir function session_start_safe() { - // Trying with the local path - session_save_path(dirname(__FILE__).'/../tmp'); - session_start(); - if(!$_SESSION['working']) $_SESSION['working'] = true; - session_write_close(); - unset($_SESSION); - // Let's see if that worked - session_start(); - if($_SESSION['working']) { - unset($_SESSION['working']); - return; // we've got a working session - } else { - // Create a new session with the default path. - session_destroy(); - session_save_path(''); - session_start(); - } + // Trying with the default + session_save_path(''); + @session_start(); + if(!$_SESSION['working']) $_SESSION['working'] = true; + session_write_close(); + session_unset(); + session_destroy(); + // Let's see if that worked + @session_start(); + if($_SESSION['working']) { + unset($_SESSION['working']); + return; // we've got a working session + } else { + // Create a new session in the local tmp dir instead + session_unset(); + session_destroy(); + session_save_path(dirname(__FILE__).'/../tmp'); + session_regenerate_id(true); + @session_start(); + } } // Start a session if we haven't already if(!isset($_SESSION)) { - // Make the session cookie HTTP only + // Make the session cookie HTTP only session_set_cookie_params(0, '/', '', false, true); session_start_safe(); }