I encountered a strange problem with IE7 and IE8 where if I visited `example.com` first and then visited `sub-domain.example.com`, Apache would return Permission Denied errors errors when trying to access the PHP session files for `sub-domain.example.com`.
After some investigation, it appears this is a problem with the way IE7 and IE8 request session data from Apache, or possibly because IE7 and IE8 have a non-standard way of announcing the domain they're requesting session data for.
Here's my scenario:
I'm running Apache 1.3 with two domains, each has their own account with their own users:
Domain: mycompany.com Session path: /tmp/ Webserver user: mycompanycom Domain: support.mycompany.com Session path: /tmp/ Webserver user: nobody
Here is what happens during a normal visit with Firefox/Safari/Chrome:
- I visit `mycompany.com` and session file is created in
/tmp/
owned by the usermycompanycom
- I then visit `support.mycompany.com`, and second session file is created in
/tmp/
owned by usernobody
- Apache doesn't get confused and the correct session files are returned
However, here's what happens during a visit with IE7 and IE8:
- I visit `mycompany.com` and a session file is created in
/tmp/
owned by the usermycompanycom
- I then visit `support.mycompany.com` and, instead of creating second session file in
/tmp/
owned by the usernobody
as you would expect (and as happens when using Firefox/Safari/Chrome), Apache tries to return the session file for mycompany.com. - The session file for `mycompany.com` is owned by the user
mycompanycom
, so the web server, running as usernobody
cannot access it. Permission is denied.
I searched Google for a solution and came across this question on StackOverflow. Several users suggested creating a separate directory in /tmp/
to separate the stored session data for `support.mycompany.com` from the session data for `mycompany.com` and then telling PHP to store all session data for `support.mycompany.com` in the new directory. This worked perfectly!
Here's what I did. First, create the new session directory (Note: Make sure the new directory resides inside /tmp/
!):
mkdir /tmp/support.mycompany.com
chown nobody:nobody /tmp/support.mycompany.com
I then added the following to an .htaccess
file in the root web directory for `support.mycompany.com`:
php_value session.save_path '/tmp/support.mycompany.com'
And finally, I removed all existing session data in /tmp/
to ensure the new session path would get used immediately:
rm -f /tmp/sess_*
And that's it! Now IE7 and IE8 work properly because when visiting `support.mycompany.com`, IE7 and IE8 do not accidentally find session data for `mycompany.com` and try to use it.
I'm fairly certain this problem has to do with how IE7 and IE8 request session data from Apache. They probably first request session data for `mycompany.com` and THEN request session data for `support.mycompany.com`, even though the latter was the only doman entered in the address bar.