session_save_path & session_start strange behavior

ejpoirier

developing a site hosted on godaddy.com (linux & apache). trying to start sessions, I created a a "sessiondata" dir in the cgi dir (the only directory I have access to that doesn't have world readable permissions). I CHMOD the "sessiondata" dir to 777. I then call "session_save_path" and enter the new path. So, the code looks something like this:

session_save_path("<my_new_path>/sessiondata");
session_start();

When i call session_start() I get this warning:

Warning: session_start(): open(<my_set_directory>/sessiondata/6/4/./64.202.163.190/sess_eab5c0c135a0207db804ab2fb9c8e4d9, O_RDWR) failed: No such file or directory (2) in /var/chroot/home/content/l/a/n/landandtimber/html/cp/index.php on line 21

What's odd to me is that the warning is showing so many subdirectories under my "sessiondata" dir. It seems to me that the session_start function is trying to create these, or is looking for some other directory structure under "sessiondata". I've looked in the php docs and see that there's a directive to add "N" subdirectories to the session directory. From what I can tell this isn't what's happening on the server. It appears to be creating a directory structure based on the first digits of the referring IP address. Any thoughts?

rehfeld

i know there is a setting somewhere to make php use a hierarchy of directories for saving session files to.

for example, instead of saving ALL session files to a single directory, you can specify the depth of subfolders to use as well. for a host with tons of websites on the same server, you can imagine how many thousands of session files would end up in 1 dir, which isnt efficient.

in your case, it looks like the depth is set to 3 or 4.

as far as why its using an ip address, they are likely using thier own custom function for creating session ids. probably set using
session.entropy_file =

i would do a phpinfo(); and look at what settings they have used.