[RESOLVED] session_start() and shared hosting provider issue

ppowell

I am in the middle of debugging a script that is hanging on "session_start()", which, if I recall, can occur if session.save_path points to a directory onto which you do not have permission to access (I verified and yep, no love on that folder).

So I figured I'd simply rewrite session.save_path:

<? ini_set('session.save_path', '/path/where/there/is/love'); ?>

To no avail, because the shared hosting provider also informed me that you are not permitted to overwrite the default settings of php.ini because it's a shared hosting provider.

UGH!

So my next and last idea is to copy over a local copy of php.ini to my /[account root folder] directory, however, I am only given access to /htdocs and /cgi-bin.

Obviously /htdocs = BAD IDEA since the known universe can read the contents of php.ini via browser, but the shared hosting provider will not allow me to move it outside of /htdocs document root folder.

That leaves /cgi-bin. Is that a good idea? Or do you all have a better idea as to what to do? Bottom line: I just want to be able to use session_start(), optionally, ini_set().

I need an answer rather quick as the site is breaking and my boss wants an answer before COB today and I am trying to come up with one stat!

Thanx
Phil

bradgrafelman

ppowell wrote:
Obviously /htdocs = BAD IDEA since the known universe can read the contents of php.ini via browser

Not true if you have the ability to use a .htaccess file:

<Files php.ini>
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

ppowell

Did not know that, sorry my knowledge of .htaccess is a bit scant, so thanx for the tip going forward

Turns out I used session_set_save_handler() to use a class I wrote prior to session_start() and all is well with that, but thanx, this solution seems a bit easier to manage

Phil