Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

2problems: warning: sessions /tmp. & configure.php,


hampdyrker

Recommended Posts

after instaling oscommerce, these warnings came in the topframe.

 

Warning: I am able to write to the configuration file: /customers/www/httpd.www/oscommerce/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created.

 

i have tried to fix the problem but i cant figure out what to do!!

 

can anyone help me???

Link to comment
Share on other sites

after instaling oscommerce, these warnings came in the topframe.

 

Warning: I am able to write to the configuration file: /customers/www/httpd.www/oscommerce/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file.

 

Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created.

 

i have tried to fix the problem but i cant figure out what to do!!

 

can anyone help me???

 

 

Hi

 

I just posted an answer to this here: http://www.oscommerce.com/forums/index.php?showtopic=181261

 

regards

Johan de Groot

 

Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created.

 

 

Has to do with the fact that you did not make a /tmp dir. This is needed because you asked to put session in file, instead of database when you were installing the OS Commerce. You can do two things: Have the data collected in your database (during install) or make a /tmp dir.

 

Regards

Johan de Groot

Link to comment
Share on other sites

Hi

 

I just posted an answer to this here: http://www.oscommerce.com/forums/index.php?showtopic=181261

 

regards

Johan de Groot

 

Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created.

Has to do with the fact that you did not make a /tmp dir. This is needed because you asked to put session in file, instead of database when you were installing the OS Commerce. You can do two things: Have the data collected in your database (during install) or make a /tmp dir.

 

This advice won't work.

 

Number 1, most users don't have the ability to create a /tmp directory. It's above their webspace on the server and inaccessible to them. BTW, there almost certainly is a /tmp directory on the server, it's just not writable by their applications, ie: osC.

 

Number 2, setting sessions to mysql in the config file does not solve the problem, the osC script still requests the presence of the /tmp directory even though it's not used.

 

The simple solution is to create a "private" sessions directory.

 

Create a directory on the server, within /catalog is fine, name it anything you want, sessions is good.

 

Then go into your admin section, Configuration -> Sessions and set the sessions directory to point to your new directory. Remember that it's the file system (FS) path, ie: home/bla/blah/mine/http/catalog/mysessions or something similar.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

This issue has shown up here a lot recently. Either a lot of hosting companies have turned safe mode on, restricting access to /tmp or a lot of people are signing up with one that has.

 

I know from experience watching people here that simply setting sessions to mysql in catalog/includes/configure.php does not solve the problem for most people.

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

Setting sessions to mysql is the best in any case since otherwise private info can be easily seen in the sessions files but to eliminate the

 

Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created.

 

error you'll still need a dummy sessions directory. It's of course possible to change the sessions.php file to get around this but I like to alter the scripts as little as possible because it makes future modifications that much more complicated.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

I have just installed oscom had a few problems and found this thread, now I have a /tmp directory on the server by default and I changed the path to this from the configuration > settings, now while in the admin section that stopped the session errors I was getting in the header there and I thought I was done, but when i view the main catalog I still get the error reading: Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created.

 

I also have been into catalog/includes/configure.php and changed the variable there to mysql but I still get the error, so now I dont know what to do next, does anyone have any suggestions.

 

Regards

 

Ian

Link to comment
Share on other sites

Re-check your work.

Well I have checked the path to the /tmp which appears to be correct because once I set that I lost the errors in the admin section, I now just have the error on the main catalog page, if I have changed this line from this:

define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql'

 

to this:

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

is there anything else to check,

I also tried creating another folder called sessions in the catalog folder to point the sessions at and on my ftp software the full path was this /home/mydomain/mainwebsite_html/oscom/sessions but that just put errors back in the header, so have changed it back to /tmp which seems fine in admin but not in the main catalog page.

 

So is there anything else to check or is one of these still wrong.

 

Regards

 

Ian

Link to comment
Share on other sites

ok have sorted it,

 

Problem was in the configure.php file mentioned above i needed to fill in the following,

 

// define our database connection

define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'this_bit');

define('DB_SERVER_PASSWORD', 'thisbit');

define('DB_DATABASE', 'this_bit');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

I thought these would be done during the installation but it would appear not, anyway all ok now so if anyone else has problems try putting values into the above variables. This cured my problem.

 

Cheers

Link to comment
Share on other sites

  • 6 months later...

I had this same problem... I solved it

 

If after filling in "MYSQL" in the store_sessions bit in the configure file you still get the warning, check your /local/configure.php file

Link to comment
Share on other sites

  • 3 months later...

My company provides hosting services and we support oscommerce. We had to turn SAFE MODE on due to PHP vulnerabilities on shared servers.

 

Here's what I did to solve the issue on my personal sites:

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

in both the includes/ and admin/includes directories I edited the following line on the configuration.php files to "mysql".

 

In osCommerce admin panel under sessions, I deleted /tmp and left the field blank. This has resolved all SAFE MODE issues by storing sessions locally in the database.

 

My recommendation to anyone with a serious (full-time business) osCommerce store, get your own dedicated server and most hosting providers will allow you to run it with SAFE MODE off. It's only when using shared hosting that SAFE MODE must be turned on to protect the server and other shared users.

 

Hope this helps someone.

Link to comment
Share on other sites

  • 3 months later...

Hi All

 

I am not sure if this will help anybody but I wanted to add to the thread.

This is my first install of os-commerce and every step of the way has been an exciting challenge, with problems galore. It is the best way to learn (from experience).

 

One of the things regarding this warning is to note the following:

 

php has a session_path

 

mine was

session.save_path = "c:\windows\temp"

 

This is the mistake that I made that I thought sessions were being saved there.

 

However when you install os-commerce, this is overridden by the sessions parameters for the admin and catalog functions (as defined in their configuration files in their folders)

 

mine (config files for os-commerce) are in my apache directory and subdirectories htdocs, catalog

 

in the configure.php file in the subdirectory admin/includes (this is the configuration for admin)

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

mine was set to empty (it was looking for /tmp in the error)

when i changed it to mysql - warning disappeared

 

in the configure.php file in the subdirectory catalog (this is the configuration for the catalog)

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

mine was set to empty

when i changed it to mysql - warning disappeared

 

If what I stated appears incorrect, I am open!

 

What I would like to know and find out:

 

Debugging tools - is there a function for this in os-commerce?

If I dont have a "mysql" directory, where is it finding this? Or is it building this on the fly?

 

Jami

Link to comment
Share on other sites

Okay - final word on this, to clear up some misconceptions that people obviously have on this subject.

 

1. You have the option when using the osCommerce install procedure of storing session data in files or in the database - your choice. This does not apply if you use an automated install e.g. Fantastico or Power Tools.

2. If you wish to store session data in files then edit the Session Save Path in osCommerce admin --> Configuration --> Sessions to either tmp/ or just tmp On a shared server the problem with storing sessions in files in a tmp folder only occurs if the path is given as /tmp

3. If doing this then make sure that you have a folder named 'tmp' in the root of your osCommerce web, with permissions of 755.

4. If you elected during the install to store sessions in files and wish to switch to storing sessions in the database then edit the last line of both configure.php files to read 'mysql' where indicated.

5. The problem where you have elected to store sessions in the database but are still asked to provide a valid path to a 'tmp' folder only occurs when the server is running PHP in Safe Mode with a particular version of PHP4 (can't remember which one offhand). The solution is to make the session Save Path in osCommerce admin --> Configuration --> Sessions just tmp with no slash before or after.

6. Running PHP in Safe Mode is done for the benefit of the hosting company and not for you. Usually it's because the server is Windows and they are total c**p when running PHP, or because the server is Apache but running an outdated version or unpatched version of PHP - and turning on Safe Mode avoids them having to upgrade.

7. If on a shared server do not enable caching - or else you can end up with other people's website Categories on your website.

 

I think that about covers it all!

 

Vger

Link to comment
Share on other sites

  • 1 month later...
Okay - final word on this, to clear up some misconceptions that people obviously have on this subject.

 

1. You have the option when using the osCommerce install procedure of storing session data in files or in the database - your choice. This does not apply if you use an automated install e.g. Fantastico or Power Tools.

2. If you wish to store session data in files then edit the Session Save Path in osCommerce admin --> Configuration --> Sessions to either tmp/ or just tmp On a shared server the problem with storing sessions in files in a tmp folder only occurs if the path is given as /tmp

3. If doing this then make sure that you have a folder named 'tmp' in the root of your osCommerce web, with permissions of 755.

4. If you elected during the install to store sessions in files and wish to switch to storing sessions in the database then edit the last line of both configure.php files to read 'mysql' where indicated.

5. The problem where you have elected to store sessions in the database but are still asked to provide a valid path to a 'tmp' folder only occurs when the server is running PHP in Safe Mode with a particular version of PHP4 (can't remember which one offhand). The solution is to make the session Save Path in osCommerce admin --> Configuration --> Sessions just tmp with no slash before or after.

6. Running PHP in Safe Mode is done for the benefit of the hosting company and not for you. Usually it's because the server is Windows and they are total c**p when running PHP, or because the server is Apache but running an outdated version or unpatched version of PHP - and turning on Safe Mode avoids them having to upgrade.

7. If on a shared server do not enable caching - or else you can end up with other people's website Categories on your website.

 

I think that about covers it all!

 

Vger

 

 

 

im having this problem but i cant do #2 and set the /tmp dir because i cant get into the site at all. what file can i manually set this setting in?

Link to comment
Share on other sites

im having this problem but i cant do #2 and set the /tmp dir because i cant get into the site at all. what file can i manually set this setting in?

 

i had same problem, (with my 1st fresh Creloaded 6.2 std install) but as you probably worked out now, you can change the value in phpmyadmin if can't login.

 

login to phpmyadmin

choose correct database

click on configuration in left

then browse

go to page 3 or 4 and on line 114, edit /tmp to something else

 

114 Session Directory SESSION_WRITE_DIRECTORY ../tmp If sessions are file based, store them in this dir...

 

 

with my host this works for me:

 

../tmp

 

as tmp folder was already ftp'd there in ./catalog/

 

hope this saves someone a couple of seconds thinking time :)

Link to comment
Share on other sites

  • 2 weeks later...

I have two questions. I was having the same problem with the /tmp directory, but fixed it by turning Php "safe mode" off because it was on.

 

1. i have a dedicated server, is it wise to use file sessions or database sessions? What are the benefits?

 

2. if i decide to use file sessions, is there anyway this can cause a vulnerability? the /tmp file is the located on the root of my server, is there anyway this can cause leak of some sort?

Link to comment
Share on other sites

  • 5 months later...
114 Session Directory SESSION_WRITE_DIRECTORY ../tmp If sessions are file based, store them in this dir...

with my host this works for me:

 

../tmp

 

as tmp folder was already ftp'd there in ./catalog/

 

hope this saves someone a couple of seconds thinking time :)

 

I found this worked for me too! Thanks a lot!

However, I found the SESSION_WRITE_DIRECTORY to be line 137... no biggie.. :)

Link to comment
Share on other sites

  • 2 weeks later...

I am getting this error in the header of my store:

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/spiri18/public_html/includes/functions/database.php:286) in /home/spiri18/public_html/includes/functions/sessions.php on line 67

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/spiri18/public_html/includes/functions/database.php:286) in /home/spiri18/public_html/includes/functions/sessions.php on line 67

 

My store: www.spiritinmind.com

 

I am a neophyte when it comes to php and struggle with it. I also work full time and my store is my part time business - hence I have little time to search for solutions and hack my own files and then hope I don't make it worse!

 

I've had trouble with my store like this before and I was able to hire a programmer from this forum for a half hour to fix it. Will someone take pity on me and direct me to someone I can hire to fix this for me? I'm really afraid that I will just make it worse!

 

Thank you!

Link to comment
Share on other sites

  • 9 months later...
  • 2 months later...

I have a problem when setting the session handler to 'mysql', it works just fine with the default handler, but when I change it I cannot login, after submitting the form it goes back to the login page once and again, with no error message or anything. I wonder if it has something to do with the session configuration.

Link to comment
Share on other sites

  • 1 year later...

My company provides hosting services and we support oscommerce. We had to turn SAFE MODE on due to PHP vulnerabilities on shared servers.

 

Here's what I did to solve the issue on my personal sites:

 

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

in both the includes/ and admin/includes directories I edited the following line on the configuration.php files to "mysql".

 

In osCommerce admin panel under sessions, I deleted /tmp and left the field blank. This has resolved all SAFE MODE issues by storing sessions locally in the database.

 

My recommendation to anyone with a serious (full-time business) osCommerce store, get your own dedicated server and most hosting providers will allow you to run it with SAFE MODE off. It's only when using shared hosting that SAFE MODE must be turned on to protect the server and other shared users.

 

Hope this helps someone.

 

this is the solution that workt for me.

ty

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...