Hi
RE: Upgrade kills php sessions via memcache - cPanel & WHM 64.0 (build 17)
I'm disappointed with the latest release of WHM - it caused a live incident on many of my clients websites and apps, that use sessions via php
There should be a check during the upgrade to see if a server had been set to 'memcache' or 'memcached' as the save handler and leave the config as is, or at least comment out for easy restoration
'session_handler' should have been updated also to 'files' to at least make the change work
I've changed back to the following for use with 'memcache' and restarted, and all is working well again - i use 2 memcache instances locally:
If you use 'memcached' (less control per memcache/elastic search node if using redis), it would be something like this:
More example config: stackoverflow.com/questions/3884905/using-memcache-as-a-session-store and stackoverflow.com/questions/24184568/php-sessions-not-being-saved-in-memcache
You can also create a cron job and script (nodejs,php,ruby, etc) to clear sessions every 30-60mins from memcache, or use something like this: github.com/TheLastCicada/flush-memcache/blob/master/flush-memcache.php
I've created a poll, if anyone is interested to see how sessions are stored across the cPanel community
Thanks
Tom
RE: Upgrade kills php sessions via memcache - cPanel & WHM 64.0 (build 17)
I'm disappointed with the latest release of WHM - it caused a live incident on many of my clients websites and apps, that use sessions via php
I have configured it to use 'memcache', but it appears the latest update blindly changed my config without my permission which broken sessions completely:Secure PHP Session Save Path
More Information - MultiPHP INI Editor for WHM - Version 64 Documentation - cPanel Documentation
PHP will now use a secure session save path. Previously, /tmp was the default location for PHP session files. This has been changed to /var/cpanel/php/sessions. This directory has special permissions that prevent various vulnerabilities with the PHP session files. A cronjob has also been added that is used to clean expired sessions. This is enabled across all PHP installs.
Code:
session.save_handler = memcache
session.save_path = "/var/cpanel/php/sessions/ea-php56"
'session_handler' should have been updated also to 'files' to at least make the change work
Code:
session.save_handler = files
session.save_path = "/var/cpanel/php/sessions/ea-php56"
I've changed back to the following for use with 'memcache' and restarted, and all is working well again - i use 2 memcache instances locally:
Code:
session.save_handler = memcache
session.save_path = "tcp://127.0.0.1:11211?persistent=1&weight=1&timeout=1&retry_interval=5,tcp://127.0.0.1:11212?persistent=1&weight=1&timeout=1&retry_interval=5
"
If you use 'memcached' (less control per memcache/elastic search node if using redis), it would be something like this:
Code:
session.save_handler = memcached
session.save_path = "127.0.0.1:11211,127.0.0.1:11212"
More example config: stackoverflow.com/questions/3884905/using-memcache-as-a-session-store and stackoverflow.com/questions/24184568/php-sessions-not-being-saved-in-memcache
You can also create a cron job and script (nodejs,php,ruby, etc) to clear sessions every 30-60mins from memcache, or use something like this: github.com/TheLastCicada/flush-memcache/blob/master/flush-memcache.php
I've created a poll, if anyone is interested to see how sessions are stored across the cPanel community
Thanks
Tom
Last edited by a moderator: