Issues with PHP 5.3 and sessions folder Issues with PHP 5.3 and sessions folder linux linux

Issues with PHP 5.3 and sessions folder


The fix: In your php.ini set session.gc_probability to 0

The causeI believe I found the answer here http://somethingemporium.com/2007/06/obscure-error-with-php5-on-debian-ubuntu-session-phpini-garbage

Essentially, the garbage collection is set up to be done by cron jobs on some systems (i.e. Ubuntu/Debian). Some php ini executables like php-cli also try to do garbage collection and that results in the error you got.


This seems to be a typical error on Ubuntu servers (I'm using Lucid LTS). The default permissions of the /var/lib/php5 directory there are

drwx-wx-wt  2 root     root     4096 2011-11-04 02:09 php5

so it can be written but not read by the web server, I guess that explains the errors.

As Ubuntu has it's own garbage cleaning via cron (/etc/cron.d/php5), it's probably best to disable php's garbage collection as suggested above by Diwant Vaidya.

session.gc_probability = 0

There's actually a reason the session folder should not be world readable - as the PHP Manual says:

If you leave this set to a world-readable directory, such as /tmp (the default), other users on the server may be able to hijack sessions by getting the list of files in that directory.


The solution I currently use (which I am not sure is the correct one) is to give ownership on the session folder to the Apache user (www-data in my case).