If you get a error like this: "PHP SAFE MODE Restriction in effect" or this "session.save_path is not set", the solution might be as following:
Make sure, you've got session.save_path uncomment in your PHP.INI file
grep session.save_path /usr/local/lib/php.ini
grep session.save_path /usr/local/etc/php5/cgi/php.ini
you should see something like this:
session.save_path = "/tmp"
If you see the different, then update it and restart apache.
Case: Apache + PHP as mod_php
It was mentioned somewhere that to have session.save_path pointed into /tmp is not very secure, as a hacker with a hosting account on your server might hijack a session file from a neighbor site, if he (or she) manages to get list of files located in /tmp. To prevent this you might want to store sessions under user's home directory, e.g.
to make it work, you should set a directive for every virtual host, open corresponding template file and find the line
php_admin_flag engine |PHP|
and add below it a new line with
This way you should update the following files:
You should make the directory automatically created on user adding, us this script to achieve the desired:
and add lines
chown $username:$username "$DIR/tmp_sessions"
chmod 700 "$DIR/tmp_sessions"
All new accounts will have these updates by default since you've done it. You might need to update your current users, in order to do this run:
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
and this command to create necessary directories:
cd /home; for user in `ls -1d *`; do echo $user; mkdir /home/$user/tmp_sessions; chmod 700 /home/$user/tmp_sessions; chown $user:$user /home/$user/tmp_sessions; done;
By the way, the fact it is insecure to store PHP sessions in /tmp directory might be the reason why it's commented in the default PHP.INI and why some PHP scripts define their own session storage.