Scenario: A client opens an account from a webhost, account is activated. The client does not have a writable session.save_path directory (usually and by default points to /tmp). As a recourse, the client uses .htaccess to declare a session.save_path of their own under their account directory.
This is both bad to the client and the host because anything you put in the .htaccess adds to the server load, having a session.save_path php directive in .htaccess is not much but is not efficient since this can(SHOULD) be handled in the server level automatically upon Client Account creation.
Note: If you are on a shared hosting, and your session.save_path points to /tmp and you can write to it, inform the host immediatly as this means everyone on their cluster and possibly someone from the outside can write on the /tmp directory which is a compromise to the security of the whole hosting server and sites it hosts.
Resolution: Alter the following lines of the file: /var/cpanel/templates/apache2/vhost.default
From:
To:
Then run
[shell command]
/usr/local/cpanel/bin/build_apache_conf
The above changes will make all your clients under your shared environment to have their own session.save_path pointed to their own /tmp directory under their space upon account creation. You may make the creation of the /home/{USER}/tmp directory automatic or if not advice your client to create one so they may have a writable session.save_path.
Depending if your server has phpSuExec/or not, you need to make sure that httpd/apache can write to the /home/{USER}/tmp directory per client.
No comments:
Post a Comment