hampdyrker Posted November 19, 2005 Share Posted November 19, 2005 after instaling oscommerce, these warnings came in the topframe. Warning: I am able to write to the configuration file: /customers/www/httpd.www/oscommerce/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created. i have tried to fix the problem but i cant figure out what to do!! can anyone help me??? Link to comment Share on other sites More sharing options...
Guest Posted November 19, 2005 Share Posted November 19, 2005 after instaling oscommerce, these warnings came in the topframe. Warning: I am able to write to the configuration file: /customers/www/httpd.www/oscommerce/catalog/includes/configure.php. This is a potential security risk - please set the right user permissions on this file. Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created. i have tried to fix the problem but i cant figure out what to do!! can anyone help me??? Hi I just posted an answer to this here: http://www.oscommerce.com/forums/index.php?showtopic=181261 regards Johan de Groot Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created. Has to do with the fact that you did not make a /tmp dir. This is needed because you asked to put session in file, instead of database when you were installing the OS Commerce. You can do two things: Have the data collected in your database (during install) or make a /tmp dir. Regards Johan de Groot Link to comment Share on other sites More sharing options...
AlanR Posted November 19, 2005 Share Posted November 19, 2005 Hi I just posted an answer to this here: http://www.oscommerce.com/forums/index.php?showtopic=181261 regards Johan de Groot Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created. Has to do with the fact that you did not make a /tmp dir. This is needed because you asked to put session in file, instead of database when you were installing the OS Commerce. You can do two things: Have the data collected in your database (during install) or make a /tmp dir. This advice won't work. Number 1, most users don't have the ability to create a /tmp directory. It's above their webspace on the server and inaccessible to them. BTW, there almost certainly is a /tmp directory on the server, it's just not writable by their applications, ie: osC. Number 2, setting sessions to mysql in the config file does not solve the problem, the osC script still requests the presence of the /tmp directory even though it's not used. The simple solution is to create a "private" sessions directory. Create a directory on the server, within /catalog is fine, name it anything you want, sessions is good. Then go into your admin section, Configuration -> Sessions and set the sessions directory to point to your new directory. Remember that it's the file system (FS) path, ie: home/bla/blah/mine/http/catalog/mysessions or something similar. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
Guest Posted November 19, 2005 Share Posted November 19, 2005 This advice won't work. Your solution sounds good, allthough my solution did actually work for me Regards Link to comment Share on other sites More sharing options...
hampdyrker Posted November 19, 2005 Author Share Posted November 19, 2005 thanx alot!!! that was all i needed!!! Link to comment Share on other sites More sharing options...
AlanR Posted November 19, 2005 Share Posted November 19, 2005 This issue has shown up here a lot recently. Either a lot of hosting companies have turned safe mode on, restricting access to /tmp or a lot of people are signing up with one that has. I know from experience watching people here that simply setting sessions to mysql in catalog/includes/configure.php does not solve the problem for most people. define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' Setting sessions to mysql is the best in any case since otherwise private info can be easily seen in the sessions files but to eliminate the Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created. error you'll still need a dummy sessions directory. It's of course possible to change the sessions.php file to get around this but I like to alter the scripts as little as possible because it makes future modifications that much more complicated. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
ian_m Posted November 19, 2005 Share Posted November 19, 2005 I have just installed oscom had a few problems and found this thread, now I have a /tmp directory on the server by default and I changed the path to this from the configuration > settings, now while in the admin section that stopped the session errors I was getting in the header there and I thought I was done, but when i view the main catalog I still get the error reading: Warning: The sessions directory does not exist: /tmp. Sessions will not work until this directory is created. I also have been into catalog/includes/configure.php and changed the variable there to mysql but I still get the error, so now I dont know what to do next, does anyone have any suggestions. Regards Ian Link to comment Share on other sites More sharing options...
AlanR Posted November 19, 2005 Share Posted November 19, 2005 Re-check your work. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
ian_m Posted November 19, 2005 Share Posted November 19, 2005 Re-check your work. Well I have checked the path to the /tmp which appears to be correct because once I set that I lost the errors in the admin section, I now just have the error on the main catalog page, if I have changed this line from this: define('STORE_SESSIONS', ''); // leave empty '' for default handler or set to 'mysql' to this: define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' is there anything else to check, I also tried creating another folder called sessions in the catalog folder to point the sessions at and on my ftp software the full path was this /home/mydomain/mainwebsite_html/oscom/sessions but that just put errors back in the header, so have changed it back to /tmp which seems fine in admin but not in the main catalog page. So is there anything else to check or is one of these still wrong. Regards Ian Link to comment Share on other sites More sharing options...
ian_m Posted November 19, 2005 Share Posted November 19, 2005 ok have sorted it, Problem was in the configure.php file mentioned above i needed to fill in the following, // define our database connection define('DB_SERVER', ''); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'this_bit'); define('DB_SERVER_PASSWORD', 'thisbit'); define('DB_DATABASE', 'this_bit'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' I thought these would be done during the installation but it would appear not, anyway all ok now so if anyone else has problems try putting values into the above variables. This cured my problem. Cheers Link to comment Share on other sites More sharing options...
aspen Posted May 31, 2006 Share Posted May 31, 2006 I had this same problem... I solved it If after filling in "MYSQL" in the store_sessions bit in the configure file you still get the warning, check your /local/configure.php file Link to comment Share on other sites More sharing options...
webduck123 Posted September 21, 2006 Share Posted September 21, 2006 My company provides hosting services and we support oscommerce. We had to turn SAFE MODE on due to PHP vulnerabilities on shared servers. Here's what I did to solve the issue on my personal sites: define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> in both the includes/ and admin/includes directories I edited the following line on the configuration.php files to "mysql". In osCommerce admin panel under sessions, I deleted /tmp and left the field blank. This has resolved all SAFE MODE issues by storing sessions locally in the database. My recommendation to anyone with a serious (full-time business) osCommerce store, get your own dedicated server and most hosting providers will allow you to run it with SAFE MODE off. It's only when using shared hosting that SAFE MODE must be turned on to protect the server and other shared users. Hope this helps someone. Link to comment Share on other sites More sharing options...
jamig77 Posted December 21, 2006 Share Posted December 21, 2006 Hi All I am not sure if this will help anybody but I wanted to add to the thread. This is my first install of os-commerce and every step of the way has been an exciting challenge, with problems galore. It is the best way to learn (from experience). One of the things regarding this warning is to note the following: php has a session_path mine was session.save_path = "c:\windows\temp" This is the mistake that I made that I thought sessions were being saved there. However when you install os-commerce, this is overridden by the sessions parameters for the admin and catalog functions (as defined in their configuration files in their folders) mine (config files for os-commerce) are in my apache directory and subdirectories htdocs, catalog in the configure.php file in the subdirectory admin/includes (this is the configuration for admin) define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' mine was set to empty (it was looking for /tmp in the error) when i changed it to mysql - warning disappeared in the configure.php file in the subdirectory catalog (this is the configuration for the catalog) define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' mine was set to empty when i changed it to mysql - warning disappeared If what I stated appears incorrect, I am open! What I would like to know and find out: Debugging tools - is there a function for this in os-commerce? If I dont have a "mysql" directory, where is it finding this? Or is it building this on the fly? Jami Link to comment Share on other sites More sharing options...
♥Vger Posted December 21, 2006 Share Posted December 21, 2006 Okay - final word on this, to clear up some misconceptions that people obviously have on this subject. 1. You have the option when using the osCommerce install procedure of storing session data in files or in the database - your choice. This does not apply if you use an automated install e.g. Fantastico or Power Tools. 2. If you wish to store session data in files then edit the Session Save Path in osCommerce admin --> Configuration --> Sessions to either tmp/ or just tmp On a shared server the problem with storing sessions in files in a tmp folder only occurs if the path is given as /tmp 3. If doing this then make sure that you have a folder named 'tmp' in the root of your osCommerce web, with permissions of 755. 4. If you elected during the install to store sessions in files and wish to switch to storing sessions in the database then edit the last line of both configure.php files to read 'mysql' where indicated. 5. The problem where you have elected to store sessions in the database but are still asked to provide a valid path to a 'tmp' folder only occurs when the server is running PHP in Safe Mode with a particular version of PHP4 (can't remember which one offhand). The solution is to make the session Save Path in osCommerce admin --> Configuration --> Sessions just tmp with no slash before or after. 6. Running PHP in Safe Mode is done for the benefit of the hosting company and not for you. Usually it's because the server is Windows and they are total c**p when running PHP, or because the server is Apache but running an outdated version or unpatched version of PHP - and turning on Safe Mode avoids them having to upgrade. 7. If on a shared server do not enable caching - or else you can end up with other people's website Categories on your website. I think that about covers it all! Vger Link to comment Share on other sites More sharing options...
silentb0b Posted February 8, 2007 Share Posted February 8, 2007 Okay - final word on this, to clear up some misconceptions that people obviously have on this subject. 1. You have the option when using the osCommerce install procedure of storing session data in files or in the database - your choice. This does not apply if you use an automated install e.g. Fantastico or Power Tools. 2. If you wish to store session data in files then edit the Session Save Path in osCommerce admin --> Configuration --> Sessions to either tmp/ or just tmp On a shared server the problem with storing sessions in files in a tmp folder only occurs if the path is given as /tmp 3. If doing this then make sure that you have a folder named 'tmp' in the root of your osCommerce web, with permissions of 755. 4. If you elected during the install to store sessions in files and wish to switch to storing sessions in the database then edit the last line of both configure.php files to read 'mysql' where indicated. 5. The problem where you have elected to store sessions in the database but are still asked to provide a valid path to a 'tmp' folder only occurs when the server is running PHP in Safe Mode with a particular version of PHP4 (can't remember which one offhand). The solution is to make the session Save Path in osCommerce admin --> Configuration --> Sessions just tmp with no slash before or after. 6. Running PHP in Safe Mode is done for the benefit of the hosting company and not for you. Usually it's because the server is Windows and they are total c**p when running PHP, or because the server is Apache but running an outdated version or unpatched version of PHP - and turning on Safe Mode avoids them having to upgrade. 7. If on a shared server do not enable caching - or else you can end up with other people's website Categories on your website. I think that about covers it all! Vger im having this problem but i cant do #2 and set the /tmp dir because i cant get into the site at all. what file can i manually set this setting in? Link to comment Share on other sites More sharing options...
flux3000 Posted February 12, 2007 Share Posted February 12, 2007 im having this problem but i cant do #2 and set the /tmp dir because i cant get into the site at all. what file can i manually set this setting in? i had same problem, (with my 1st fresh Creloaded 6.2 std install) but as you probably worked out now, you can change the value in phpmyadmin if can't login. login to phpmyadmin choose correct database click on configuration in left then browse go to page 3 or 4 and on line 114, edit /tmp to something else 114 Session Directory SESSION_WRITE_DIRECTORY ../tmp If sessions are file based, store them in this dir... with my host this works for me: ../tmp as tmp folder was already ftp'd there in ./catalog/ hope this saves someone a couple of seconds thinking time :) Link to comment Share on other sites More sharing options...
iLLuSiOnS Posted February 21, 2007 Share Posted February 21, 2007 I have two questions. I was having the same problem with the /tmp directory, but fixed it by turning Php "safe mode" off because it was on. 1. i have a dedicated server, is it wise to use file sessions or database sessions? What are the benefits? 2. if i decide to use file sessions, is there anyway this can cause a vulnerability? the /tmp file is the located on the root of my server, is there anyway this can cause leak of some sort? Link to comment Share on other sites More sharing options...
hydrah Posted August 2, 2007 Share Posted August 2, 2007 114 Session Directory SESSION_WRITE_DIRECTORY ../tmp If sessions are file based, store them in this dir... with my host this works for me: ../tmp as tmp folder was already ftp'd there in ./catalog/ hope this saves someone a couple of seconds thinking time :) I found this worked for me too! Thanks a lot! However, I found the SESSION_WRITE_DIRECTORY to be line 137... no biggie.. :) Link to comment Share on other sites More sharing options...
Guest Posted August 14, 2007 Share Posted August 14, 2007 I am getting this error in the header of my store: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/spiri18/public_html/includes/functions/database.php:286) in /home/spiri18/public_html/includes/functions/sessions.php on line 67 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/spiri18/public_html/includes/functions/database.php:286) in /home/spiri18/public_html/includes/functions/sessions.php on line 67 My store: www.spiritinmind.com I am a neophyte when it comes to php and struggle with it. I also work full time and my store is my part time business - hence I have little time to search for solutions and hack my own files and then hope I don't make it worse! I've had trouble with my store like this before and I was able to hire a programmer from this forum for a half hour to fix it. Will someone take pity on me and direct me to someone I can hire to fix this for me? I'm really afraid that I will just make it worse! Thank you! Link to comment Share on other sites More sharing options...
dadigo Posted May 27, 2008 Share Posted May 27, 2008 I have downloaded from this site http://www.freephp.ru/oscommerce-eng.php There are no problems with sessions after installation. All very well works. There Russian is still added :rolleyes: :rolleyes: :rolleyes: Link to comment Share on other sites More sharing options...
el_super_oso Posted August 19, 2008 Share Posted August 19, 2008 I have a problem when setting the session handler to 'mysql', it works just fine with the default handler, but when I change it I cannot login, after submitting the form it goes back to the login page once and again, with no error message or anything. I wonder if it has something to do with the session configuration. Link to comment Share on other sites More sharing options...
catalindm Posted February 12, 2010 Share Posted February 12, 2010 My company provides hosting services and we support oscommerce. We had to turn SAFE MODE on due to PHP vulnerabilities on shared servers. Here's what I did to solve the issue on my personal sites: define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> in both the includes/ and admin/includes directories I edited the following line on the configuration.php files to "mysql". In osCommerce admin panel under sessions, I deleted /tmp and left the field blank. This has resolved all SAFE MODE issues by storing sessions locally in the database. My recommendation to anyone with a serious (full-time business) osCommerce store, get your own dedicated server and most hosting providers will allow you to run it with SAFE MODE off. It's only when using shared hosting that SAFE MODE must be turned on to protect the server and other shared users. Hope this helps someone. this is the solution that workt for me. ty Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.