Server Fault Asked by Mooseman on November 24, 2021
I am occasionally getting the following error when loading a PHP page:
PHP Notice: session_start(): ps_files_cleanup_dir: opendir(C:WindowsTEMP) failed: No error (0) in C:serverdefault.php on line 299
Month-old sess_
files in C:WindowsTEMP
still exist.
I am running PHP 5.6.5 on IIS on Windows 8.1.
Why is PHP unable to perform garbage collection, and how do I fix it?
I found that the easiest way to deal with this problem was to change the path being used to save temporary information to one of my choosing, followed by setting the appropriate security permissions.
To change the path used to store temporary files:
php.ini
for your installation (mine was located in C:Program FilesPHPv7.4
).session.save_path
setting.C:WindowsTemp
to a folder of your choosing. I created a folder specifically for this.To change the permissions on the folder you specified above:
Properties
.Security
tab.Advanced
to open the Advanced Security Settings
popup.Change Permissions
.Add...
to add a new user.IIS_IUSRS
as the object name and click OK
.Permissions Entry
popup, tick the settings for Full control
under the Allow
column.OK
to return to the main Permissions
list.Replace all child object permissions with inheritable permissions from this object
.OK
and confirm all the other popups and windows.PHP should immediately begin to use the new folder location for session and temporary data.
Answered by Martin on November 24, 2021
Session temporary files are created in this directory as per the ‘session.save_path’ property in php.ini. Without the permissions to delete files in this directory PHP is unable to remove these files as part of its normal session garbage handling process and so they accumulate when they are no longer needed/you will occasionally see this error whenever garbage collection is performed.
The Application Pool user, which is the one that actually runs the PHP executable, needs at least modify permissions on C:WindowsTEMP to perform garbage collection (this is not granted by default). If you have not changed this user from the default then it should be 'DefaultAppPool', or you can use the App Pool group, which will be similar to IUSRS.
Best practice is to create a new Application Pool for each site. When you do this IIS will create a Windows user which you can then grant modify permissions to. You can script this or do it from the command line using the following command:
icacls c:windowsTEMP /inheritance:e /grant "IIS APPPOOLyour-user:(OI)(CI)M" /t /c /Q
Update: As Gremio notes, you should move the session files to a specific directory, so that you are not granting write access for this user (that may be exploited) to whatever else Windows stores in the TEMP directory. You can modify the sessions save settings in the php.ini, globally, or specifically for your application at run time (details here).
Answered by Dean on November 24, 2021
Just give Full Permissions to the User "IUSR" on the Directory "C:WindowsTemp". Maybe just Directory Listing and Deleting is enough... but in a non-productive system this shouldn't be a problem.
Answered by Saiimen on November 24, 2021
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP