Nginx / php / php-fpm | Cookie persistence issue

Question

Nginx / php / php-fpm | Cookie persistence issue

Hey.

I am now in the middle of reinstalling my dedicated server. I went with

-Ubuntu Server 10.10

-PHP 5.3.3.1

-PHP-FPM

-nginx

Now almost everything works, although there remains one problem with the sessions. No matter what I do, the sessions do not seem to be stored properly (and they were performed during the previous setup).

The base application is the phpBB board. When I log in, everything is fine - although it adds an additional SID parameter to all URLs.

forum / index.php? S.I.D. = f506ccd42065322f61cb56fc6df6557a

You can navigate the forums without any problems, but if you remove the SID parameter, you will be logged out. I thought that maybe the sessions are not stored in cookies, but in URLs, but the php configuration seems fine.

The same thing happens with phpMyAdmin - I also log out when I remove the token parameter.

At the same time, it seems that cookies are created in any case, they do not seem to be used or are immediately deleted.

I'm getting more and more upset, maybe someone has an idea to fix this? I will send the necessary configuration files.

I thought maybe this is a problem with suhosin (it was not installed on the previous setup), but I have no idea. PHP configuration - outside the atm box, I just modified the nginx configuration.

+4

php cookies nginx session

user514592 Nov 20 '10 at 16:55

source share

4 answers

Marc b · Answer 1 · 2010-11-20T20:46:32+0000

The various session cookie options are described here .

In particular, check the settings for "session.use_cookies", "session.use_only_cookies" and "session.trans_sid". If PHP cannot successfully create a cookie, it will return to the trans_sid method (this is what you see: the session identifier is passed as a query / form variable).

You can trivially check if cookie related headers are coming out with Firebug and HTTPFox in Firefox. Both allow you to view inbound / outbound headers for requests.

seriyPS · Answer 2 · 2010-11-21T01:01:03+0000

Maybe some useful information can be found in the PHP-fpm error log ? Set parameters in php.ini

 error_reporting = E_ALL & ~E_DEPRECATED log_errors = On error_log = ;

some php file can write or "syslog"

Also try looking at nginx error log .

Does PHP-fpm process-owner write permissions for sessions dir ? See session.save_path in php.ini for session dir

Ivan Velkov · Answer 3 · 2012-02-06T16:12:30+0000

See if your session_path is correctly specified and has the rights. This fixed my problem.

Aaron rodrigue · Answer 4 · 2010-12-14T01:53:09+0000

Also, be aware of the user and process group, as this will affect the default permissions with which session files are created. If the default value is set, it can be created as root , and then cannot be read the next time the session file is accessed.

Locate the Unix user/group processes in php-fpm.conf and set the user and group to php-fpm

Nginx / php / php-fpm | Cookie persistence issue

More articles: