File Permissions of PHP Session Files

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I noticed that the file permissions (unix) of the PHP session files
have only read and write permissions for the Apache process (600 or rw-
--- ---).

Does anyone have any idea where this permission is set ? I can't find
umask or chmod settings for it in the php.ini file.  Can't find
anything in
the httpd.conf either.  Is it set in the PHP code that implements

Thanks for any pointers

Re: File Permissions of PHP Session Files

Those files are created and modified by the the apache process, so you
probably want the umask of that user (most likely "nobody").

Just out of curiosity, why do you need to change the permissions on
those files?

Re: File Permissions of PHP Session Files

I was trying to write a bash script to be executed by cron to clean up
old session files that were not properly removed, eg, when the user
didn't do a proper logout which would have activated a

Apparently, the system (either PHP or apache) doesn't do 'garbage
collection' of such files as part of its normal operation.  Or am I
missing something ?

Re: File Permissions of PHP Session Files

Spendwiser wrote:

Quoted text here. Click to load it

You are missing something - the default session handler does clear up old
files. Go RTFM.

Why do you think you need different permissions to remove them using a cron

(you don't)


Re: File Permissions of PHP Session Files

Took a closer look at TFM :) I think I know why there are session files
almost a week old still lying around.  The gc apparently only gets
kicked off on a 0.01 probability, based on default settings.  And my
site haven't got that high a hit rate yet to trigger it often enough.

Well, that's one mystery solved!

Site Timeline