sessions.php error in SSL directory

**nathmeister** · 10 May 2007, 03:14 PM

Hi,

This is the first time i have had to make a post cos all the info on here is usually spot on! But i am having a problem now...

I switched servers (but stayed with the same provider so not much changed) and the site worked fine. But now i am trying to set up a secure checkout with standard cc module and every time it switches to https:// i get this error:

Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect. File(/usr/local/psa/home/vhosts/justaddweed.co.uk/httpdocs/cache) is not within the allowed path(s): (/usr/local/psa/home/vhosts/justaddweed.co.uk/httpsdocs:/tmp) in /usr/local/psa/home/vhosts/justaddweed.co.uk/httpsdocs/includes/functions/sessions.php on line 161

https://www.justaddweed.co.uk/index.php?main_page=login

I have read everything i can find on this forum but i'm just not finding an answer!
I have tried running fix_cache_key.php from my http root and https root and it did do something once but didn't fix the prob.
I have also checked all my /cache locations in all configure.php files and i just keep going around in circles.

I am running 1.2.7 and cannot upgrade easily because i have not been using the override directories properly (i know this is stupid!) and i think myysql 5.x is running too but i have fixed all the other probs associated with that (i hope).

Any help anyone can give me would be great!

**Website Rob** · 10 May 2007, 05:36 PM

This is problem:
/usr/local/psa/home/vhosts/justaddweed.co.uk/httpdocs/cache

That path is described in both your config files, at the bottom. Since you've changed Servers, the path needs to be changed to reflect the new path on the new Server.

If not sure how to do that, your Hoster should be able to help you and/or fix it within minutes.

**nathmeister** · 10 May 2007, 05:57 PM

Thanks for your quick reply!

I have just checked with my host and they say that the path is:

/usr/local/psa/home/vhosts/DOMAIN.EXT/httpdocs

which means

/usr/local/psa/home/vhosts/justaddweed.co.uk/httpdocs/cache

is correct.

Should this be .../httpsdocs/cache?

Should
httpdocs/admin/includes/configure.php,
httpdocs/includes/configure.php,
httpsdocs/admin/includes/configure.php and
httpsdocs/includes/configure.php
all point to the same place path?

cheers!

**DrByte** · 10 May 2007, 10:41 PM

Try moving your cache folder up a level, above httpdocs
Then point DIR_FS_SQL_CACHE in all your configure.php files to the new location.
Also update your Admin->Configuration->Sessions->Session Directory to the new location.

**nathmeister** · 11 May 2007, 11:59 AM

DrBryte, cheers - i tried making a cache dir at ..../anon_ftp/cache and changed all that you said, but it still came up with the same error saying that:

...is not within the allowed path(s): (/usr/local/psa/home/vhosts/justaddweed.co.uk/httpsdocs:/tmp)

can i just disable this cache function as it is set to none anyway?

**DrByte** · 11 May 2007, 12:07 PM

You probably need to put it here so it's available to both the httpdocs and httpsdocs modes:
/usr/local/psa/home/vhosts/justaddweed.co.uk/cache

Zen Cart uses this folder for both db-caching as well as session-data-storage. If you don't give it a spot to store session data (accessible equally from http and https modes) then your customers will always have "zenid" parameters on their URL's, making your site less secure and at risk of session hijacking.
If your store isn't dropping the zenid after the 2nd click on your site, then either you have this session problem or the browser doesn't have session-cookie support enabled (ie: they have it blocked).

**nathmeister** · 11 May 2007, 12:13 PM

cool, i wasn't able to creat e a new dir, but will get onto my host and try it that way,

will let ya kno!

**nathmeister** · 11 May 2007, 12:35 PM

This was a reply from an earlier email from our host...

It looks like this script is calling files from httpsdocs when they're actually located in httpdocs - you just need to alter the path that they're referencing. If you are using a mirrored httpdocs/httpsdocs (so the content of one is available in the other) this can cause problems when referencing absolute paths. By the sound of it, this isn't what you'reusing though, so feel free to ignore.

Warning: session_save_path() [function.session-save-path]: open_basedir restriction in effect.File(/usr/local/psa/home/vhosts/justaddweed.co.uk/httpdocs/cache) is not within the allowed path(s)/usr/local/psa/home/vhosts/justaddweed.co.uk/httpsdocs:/tmp) in/usr/local/psa/home/vhosts/justaddweed.co.uk/httpsdocs/includes/functions/sessions.php on line

What do you reckon?

**nathmeister** · 11 May 2007, 12:40 PM

DrB - does the new cache dir need to be 777 or is 755 ok? (i can't change it at the mo!!)

**DrByte** · 11 May 2007, 12:47 PM

1. It would be MUCH better if your account could be configured to serve SSL content directly from the httpdocs folder.
Zen Cart dynamically builds everything from one fileset. It does not need the old-school protection offered by using separate folders for the SSL content.

2. The cache folder needs to be 777 (the last digit, which means 'world permissions' needs to be a 6 or higher in order to allow apache to write content to the files. Some host configurations require the 7 instead of 6 in order for it to work. More details on what the 3 digits mean can be found by googling about file permissions, or by checking the FAQ system at: http://tutorials.zen-cart.com )