I encountered a strange problem with IE7 and IE8 where if I visited example.com first and then visited sub-domain.example.com, Apache would return Permission Denied errors errors when trying to access the PHP session files for sub-domain.example.com.
After some investigation, it appears this is a problem with the way IE7 and IE8 request session data from Apache, or possibly because IE7 and IE8 have a non-standard way of announcing the domain they’re requesting session data for.
Here’s my scenario:
I’m running Apache 1.3 with two domains, each has their own account with their own users:
Domain: mycompany.com
Session path: /tmp/
Webserver user: mycompanycom
Domain: support.mycompany.com
Session path: /tmp/
Webserver user: nobody
Here is what happens during a normal visit with Firefox/Safari/Chrome:
- I visit mycompany.com and session file is created in
/tmp/owned by the usermycompanycom - I then visit support.mycompany.com, and second session file is created in
/tmp/owned by usernobody - Apache doesn’t get confused and the correct session files are returned
However, here’s what happens during a visit with IE7 and IE8:
- I visit mycompany.com and a session file is created in
/tmp/owned by the usermycompanycom - I then visit support.mycompany.com and, instead of creating second session file in
/tmp/owned by the usernobodyas you would expect (and as happens when using Firefox/Safari/Chrome), Apache tries to return the session file for mycompany.com. - The session file for mycompany.com is owned by the user
mycompanycom, so the web server, running as usernobodycannot access it. Permission is denied.
I searched Google for a solution and came across this question on StackOverflow. Several users suggested creating a separate directory in /tmp/ to separate the stored session data for support.mycompany.com from the session data for mycompany.com and then telling PHP to store all session data for support.mycompany.com in the new directory. This worked perfectly!
Here’s what I did. First, create the new session directory (Note: Make sure the new directory resides inside /tmp/!):
mkdir /tmp/support.mycompany.com
chown nobody:nobody /tmp/support.mycompany.com
I then added the following to an .htaccess file in the root web directory for support.mycompany.com:
php_value session.save_path '/tmp/support.mycompany.com'
And finally, I removed all existing session data in /tmp/ to ensure the new session path would get used immediately:
rm -f /tmp/sess_*
And that’s it! Now IE7 and IE8 work properly because when visiting support.mycompany.com, IE7 and IE8 do not accidentally find session data for mycompany.com and try to use it.
I’m fairly certain this problem has to do with how IE7 and IE8 request session data from Apache. They probably first request session data for mycompany.com and THEN request session data for support.mycompany.com, even though the latter was the only doman entered in the address bar.
Thnx for sharing your story with us, this saves me a lot of headache.
Regards,
Haris
You’re welcome, Haris! I’m happy I could help!