Temporary session files

Hi Greg

Thanks for posting! 

My first thought is that the /tmp directory doesn't have the proper file permissions.  You could contact your web host and ask them to confirm file permissions are set correctly. You can even give them a quick overview of what's happening to see if they have any suggestions. I recommend being as general as possible with your host though. Something along the lines of "I have some software writing to the /tmp folder and it doesn't seem able to delete anything, could you check the permissions are correct?". 

My next thought is to look at upgrading to the latest version of CMS Builder. One of the latest features is an error logging system and that might give us more detail about on any silent errors happening that are otherwise not reported. 

After that, my final thought for now is to send through a second level support ticket so we can take a closer look ourselves. You do that here:

https://www.interactivetools.com/support/email_support_form.php

And there we go. Let me know any questions. Thanks!

Hi Ross,

Thank you for your help. I am running the site on an unmanaged VPS so I will need to make the permission changes myself. Can you tell me what the permissions should be please?

Thank you,

Greg

Hi Greg

I'd start by giving them full permissions and see if that works.  I am also curious if there might be some sort of utility on the server itself that is supposed to be doing the clean up for you and just isn't turned on or configured properly. We are definitely starting to get out of my area of expertise at this point though.

Keep us up to date :).

Hi Ross,

I have tried changing the permissions to 0777 but this doesn't seem to have worked.

Can I please create a second level support ticket for you guys to take a look?

Thank you,

Greg

Hi Greg

Sure thing!  Here's the link:

https://www.interactivetools.com/support/email_support_form.php

Could you mention this forum thread in the support request so we can keep anyone else following along up to date.

Thanks!

Ross

Hi Greg

Sure thing!  Here's the link:

https://www.interactivetools.com/support/email_support_form.php

Could you mention this forum thread in the support request so we can keep anyone else following along up to date.

Thanks!

Ross

Hi Greg, 

It's normal for PHP to create thousands of temporary session files.  They're used by PHP to store use data from $_SESSION and should be automatically cleaned up and managed by PHP without you having to do anything.

PHP will create one session file per unique visitor, setting a cookie to determine if it's seen a user before.  If you get a search bot or vulnerability scanner checking your website and you have sessions enable that can create thousands of files in a short time.

Here's some reference pages: 
http://php.net/manual/en/book.session.php
http://php.net/manual/en/intro.session.php
http://php.net/manual/en/session.configuration.php

How many session files are there and how big are they?  

Let me know and I'll try and point you in the right direction.

Cheers!

Hi Dave,

Thanks for your comments. There are approximately 20 session files being created every second and they range in file size from 50kb to 500kb. I have sent a second level support request with the server details so please login and take a look if you are able to.

In the mean time, I have realised that I can run the SSH commands I mentioned earlier (to delete the temporary session files) using the Shell Console facility in the Developer Console plugin. Is there any way you can help me write a (bash?) script that can run via cron every 10 minutes. I just need the two SSH commands below to be run automatically:

# cd /tmp

# rm -rf sess_*

This will then delete all the files and the website remains online!

Thank you for your help, I really appreciate it.

Greg

Hi Greg, 

Thanks for that, I was able to login with the details from ticket MVI-770706.  I closed the ticket and I'll respond here.

You absolutely do not want to write a cron job to erase the session files.  That's just going to mask the problem.  Management of session files is typically built into the OS or PHP and you shouldn't need to do anything.

The problem is actually the same issue we talked about last year.  You've got PHP code saving huge amounts of data in $_SESSION.   You can test this by logging in as root via SSH and viewing some of the session files in /tmp.  They have record lists in them.  That's why they are so large.  

The solution is to search for _SESSION in all your website files and update any code that stores large amounts of data in _SESSION.  Also I recommend removing any *.bak or *.bak.php files that you don't need from your web server.

Hope that helps!  Let me know any other questions.