Sessions and CGI via suexec

giordanoe2

This might seem like a stupid question but I've been beating my head against the wall with this one.

If I start a session using a normal php script, and then attempt to carry that session over into a script running via cgi as myself on the server machine (for security reasons as it is reading a datafile) I receive permission errors on reading the session file when I try to access the _SESSION[] array.

Any workarounds or suggestions??

~Ethan

keith73

the session files are stored in /tmp (unless you altered your php.ini file) and are probably owned by apache. That would be why you can't access it.

When php creates the session, it is probably running as user apache. When you then suexec, php will try and access the session file as your user and that's where you'll get permissions errors.

keith

giordanoe2

Keith,

I figured that was what was happening. Is there a workaround to this phenomenon? Basically what I am working on is a login script that isn't allowed to use database access for portability's sake (not my idea!). So once I've gotten the encrypted password over to the server I need to check it against a datafile which cannot for obvious reasons be world readable.

I've been mulling this over in my head and just can't come up with a solution.

Do you know what happens if I start a session while running as myself? Will the sessions then be created under my user and be accessable? I just didn't want to complicate the install of my complete package by requiring alot of the scripts to be installed to the cgi-bin directory.

Any more input would be appreciated.

~Ethan