PHP Session is not read

Question

I'm having some "fun" sharing session between magento and Symfony2. It works really well on my computer (mac osx 10.6 + PHP 5.3.3) and here is the mechanism :

User logs in into magento (on foo.example.com)
User goes on another website (bar.example.com) and is logged as well.
Session are stored as files under the magento var/session directory.

The session cookie is set to be shared on all .example.com subdomains. As I said before, it works perfectly on my machine.

I deployed the two applications today on an Ubuntu 8.0.4 server with PHP 5.3.5-dotdeb and configured the session sharing mechanism for my production domains (.example.org). The session cookie is shared between the two subdomains as well.

And now, the fun begins :

I log in on my magento application on foo.example.org and gets a session cookie with value "abc"
A file name sess_abc is create in magento var/session directory.
file owner is www-data:www-data and files rights are -rw-------
If I refresh the magento page, I'm still logged.
I go to my other application on bar.example.org
PHP accepts the session cookie abc but does NOT retrieve the data inside.
If I do a var_dump($_SESSION), I'll have an empty array
At the end, the file sess_abc is overwritten and the rights are the same.
If I refresh this page, my var_dump will provide some informations that symfony wrote into the session.

Do you guys have any thought on why PHP does not retrieve datas from this session file ? I already tried to chmod go+rw the session file but the result is the same...

A big big big thanx in advance !

EDIT :

Suhosin is enabled. phpinfo() gives this on bar.example.org

suhosin.session.checkraddr  0   0
suhosin.session.cryptdocroot    On  On
suhosin.session.cryptkey    [ protected ]   [ protected ]
suhosin.session.cryptraddr  0   0
suhosin.session.cryptua Off Off
suhosin.session.encrypt On  On
suhosin.session.max_id_length   128 128
session.auto_start  Off Off
session.bug_compat_42   Off Off
session.bug_compat_warn Off Off
session.cache_expire    180 180
session.cache_limiter   no value    nocache
session.cookie_domain   .example.org    no value
session.cookie_httponly Off Off
session.cookie_lifetime 3600    0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.name    frontend    PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /www/var/session    no value
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    On  On
session.use_trans_sid   0   0

A stab in the dark: is suhosin enabled on your host, and if so, what are its suhosin.session.* settings? (and please provide all normal session.* settings as well, saves more guesswork :) — Wrikken
@futurecat: session.cookie_domain looks good, so my idea is busted. — drudge
@Wrikken : I disabled suhosin extension and it works like a charm. I'm gonna disable the settings that wrack off the app and enable suhosing again. Anyway, I owe you a beer! ;) Thanx — futurecat
Ack, the suhosin.session.cryptdocroot is the one that does it I guess :) — Wrikken

lyrixx lyrixx · Accepted Answer · 2011-03-30T22:38:40

I don't know you you know, but magento store sessions in "private" folder path/to/magento/var/session... May be on MacOS you could overide your php.ini (trought magento) in oder to overide your session path; But on ubuntu you cannot (/may not) overide you php.ini...

Have you check this ?

PHP Session is not read

2 Answers