PHP displays error "Failed to write Session data" at random times

1

I have a website that is fully functional and the failure rate is 0.0037%; however, all the errors are the same.

Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp)

I searched for information in "PHP Session Handling error" and also in "Failed to write Session data (files)". But neither solution solved the problem; in addition, those questions apparently referred to a persistent problem, I mean a problem that appeared at any time.

In my case this problem occurs for a short time, on average two minutes, and does not affect all users, since there is little data in the logs. In the last 24 hours it occurred only between 17:52 and 17:54; after that there were no errors of the same type and everything continued to work normally. Because it is such a short window of time, I cannot test the site at precisely that time or do other checks.

I wonder what could be causing this problem.

Is there a files-per-folder limit or a limit on creating new sessions, which then blocks writing? Is there any PHP process (or even CentOS itself) that changes the folder permissions or that can block writing?

I have not yet tried to change the folder where sessions are saved, but I will do this soon.

1 answer

5


I discovered the problem, which was one of the things I suspected but I didn’t think it was the problem.

I use some vulnerability testing software. Although it does not report errors, I started to find that these errors were related to those tests, because the errors appeared in "large amounts" 2~3 hours after the tests were started, and the tests are run at random times!

The problem I discovered is related to the use of "invalid" characters as the value of the session cookie; this causes the problem when reading the session.

Testing the problem:

If the session cookie (named PHPSESSID by default) has a value like !@#$!%!@#$@#!!!#!#!@#%, it will trigger the error:

Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp)

To change the value of the cookie you can use the EditThisCookie extension.

If you want, you can use JavaScript to change the cookie:

var nome = "PHPSESSID";
var valor = "!$!@$!@@#!@#!@#";

document.cookie = nome+"="+valor;

Correction:

Causing the problem requires that some curious person (being optimistic) has changed the value of the cookie used to set the session.

The correction I thought of was the following:

$sessao = "PHPSESSID";

if(isset($_COOKIE[$sessao]) && !preg_match('/^[A-Za-z0-9,-]+$/', $_COOKIE[$sessao])){
     unset($_COOKIE[$sessao]);
}

session_start();

That would be a generic, not ideal solution.

First, you need to know exactly which characters are valid; that depends only on this:

session.hash_bits_per_character = 5

If it’s four, it’ll be [a-f0-9].
If it’s five, it’ll be [a-v0-9].
If it’s six, it’ll be [A-Za-z0-9,-].

Read the documentation on http://php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-Character

Second is the number of valid characters. By default PHP generates 26-character session IDs; this depends on the COMBINATION of the following values:

session.hash_function = md5
session.hash_bits_per_character = 5 

This combination will result in a longer or shorter session value, so you need to test and adjust the number of characters in the regex to match.

Read the answer on https://stackoverflow.com/a/17032075/3043018

In my case I’m using EXACTLY this:

if(isset($_COOKIE['_sid']) && !preg_match('/^[a-v0-9]{52}$/', $_COOKIE['_sid'])){
     unset($_COOKIE['_sid']);
}
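
An added example (not part of the original answer, and not PHP's own code) that derives the regex from the active ini settings instead of hard-coding it, using the character sets and the hash/bits combination described in the answer. The function name session_id_pattern is hypothetical, and the code assumes session IDs are generated by PHP itself rather than by a custom handler or session_id().

```php
<?php
// Added example (not the answer author's code): derive the session-ID regex
// from the active configuration instead of hard-coding charset and length.
function session_id_pattern()
{
    // Character classes for 4, 5 and 6 bits per character, as listed above.
    $charsets = array(4 => 'a-f0-9', 5 => 'a-v0-9', 6 => 'A-Za-z0-9,-');

    $sidLength = ini_get('session.sid_length');
    if ($sidLength !== false) {
        // PHP 7.1+: charset and length are configured directly.
        $bits = (int) ini_get('session.sid_bits_per_character');
        $length = (int) $sidLength;
    } else {
        // Older PHP: length = ceil(hash size in bits / bits per character).
        $bits = (int) ini_get('session.hash_bits_per_character');
        $algo = (string) ini_get('session.hash_function');
        if ($algo === '0') { $algo = 'md5'; }   // numeric aliases
        if ($algo === '1') { $algo = 'sha1'; }
        $known = isset($charsets[$bits]) && in_array($algo, hash_algos(), true);
        $length = $known ? (int) ceil(strlen(hash($algo, '', true)) * 8 / $bits) : 0;
    }
    if (!isset($charsets[$bits]) || $length < 1) {
        return null; // unknown configuration: caller should not filter
    }
    // \A and \z anchor the whole string; "$" would also accept a trailing newline.
    return '/\A[' . $charsets[$bits] . ']{' . $length . '}\z/';
}

$name = session_name();           // "PHPSESSID" unless renamed (the answer uses "_sid")
$pattern = session_id_pattern();
if ($pattern !== null && isset($_COOKIE[$name])) {
    $value = $_COOKIE[$name];
    // A cookie sent as name[]=x arrives as an array, so check the type first.
    if (!is_string($value) || !preg_match($pattern, $value)) {
        unset($_COOKIE[$name]);   // PHP then issues a fresh session ID
    }
}
session_start();
```

With md5 and 5 bits per character this yields a length of 26, and with a 256-bit hash and 5 bits it yields 52, matching the two lengths mentioned in the answer.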
