PHP on Windows - ps_files_cleanup_dir error

I found that the easiest way to deal with this problem was to change the path being used to save temporary information to one of my choosing, followed by setting the appropriate security permissions.

To change the path used to store temporary files:

1. Edit the php.ini for your installation (mine was located in C:Program FilesPHPv7.4).
2. Located the session.save_path setting.
3. Change the path from C:WindowsTemp to a folder of your choosing. I created a folder specifically for this.

To change the permissions on the folder you specified above:

1. Right-click on the folder in Windows Explorer and choose Properties.
2. Choose the Security tab.
3. Click Advanced to open the Advanced Security Settings popup.
4. Click Change Permissions.
5. Click Add... to add a new user.
6. Type in IIS_IUSRS as the object name and click OK.
7. On the Permissions Entry popup, tick the settings for Full control under the Allow column.
8. Click OK to return to the main Permissions list.
9. Make sure to select the checkbox at the bottom of the page that states Replace all child object permissions with inheritable permissions from this object.
10. Click OK and confirm all the other popups and windows.

PHP should immediately begin to use the new folder location for session and temporary data.

Session temporary files are created in this directory as per the ‘session.save_path’ property in php.ini. Without the permissions to delete files in this directory PHP is unable to remove these files as part of its normal session garbage handling process and so they accumulate when they are no longer needed/you will occasionally see this error whenever garbage collection is performed.

The Application Pool user, which is the one that actually runs the PHP executable, needs at least modify permissions on C:WindowsTEMP to perform garbage collection (this is not granted by default). If you have not changed this user from the default then it should be 'DefaultAppPool', or you can use the App Pool group, which will be similar to IUSRS.

Best practice is to create a new Application Pool for each site. When you do this IIS will create a Windows user which you can then grant modify permissions to. You can script this or do it from the command line using the following command:

icacls c:windowsTEMP /inheritance:e /grant "IIS APPPOOLyour-user:(OI)(CI)M" /t /c /Q

Update: As Gremio notes, you should move the session files to a specific directory, so that you are not granting write access for this user (that may be exploited) to whatever else Windows stores in the TEMP directory. You can modify the sessions save settings in the php.ini, globally, or specifically for your application at run time (details here).

Just give Full Permissions to the User "IUSR" on the Directory "C:WindowsTemp". Maybe just Directory Listing and Deleting is enough... but in a non-productive system this shouldn't be a problem.