0

I have 2 cloned instances in AWS with Ubuntu 16, Apache 2.4 and PHP 5.6.

I configured each with 2 virtual hosts (plus the default) with the same configuration (different names obviously):

Define VHostName dolibarr.blabla.com
Define VHostUser site_dolibarr
<VirtualHost *:80>
    ServerName ${VHostName}
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/${VHostUser}/web

    php_admin_value open_basedir "/var/www/${VHostUser}/web:/var/www/${VHostUser}/tmp"
    php_admin_value session.save_path "/var/www/${VHostUser}/tmp"

    #LogLevel info ssl:warn

    ErrorLog /var/www/${VHostUser}/log/error.log
    CustomLog /var/www/${VHostUser}/log/access.log combined

    <IfModule mod_suexec.c>
            SuexecUserGroup ${VHostUser} ${VHostUser}
    </IfModule>

    # add support for apache mpm_itk
    <IfModule mpm_itk_module>
            AssignUserId ${VHostUser} ${VHostUser}
    </IfModule>

    #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

The directory /var/www/site_dolibarr/tmp has right permissions and the app is writing right.

App in VirtualHost 1 -> Sessions don't work

App in VirtualHost 2 -> Sessions work!

Well, I have two dolibarr applications but the PHP sessions just work correctly in the second application; the second virtualhost I configured is using the sessions correctly, but the first virtualhost I created is writing sessions but it doesn't reuse them so it's impossible to navigate across the app, the app ask me for login continously.

I tested to work with the same files and the same database that the second virtualhost in the first virtualhost but it still can't reuse the sessions.

In the another server clone I have 2 Joomla applications, but again, I just can login in the second.

I tested too many configs and searched a lot but I don't get the solution so I ask here. Someone have idea? or If have I to install something to handle sessions in virtualhosts.

Thanks!

Xilver266
  • 1
  • How is PHP 5.6 executed? Apache module or php-fpm? If you relax the open_basedir for a moment you could do a to check if your users are being set allright. Did you check if the browser is actually sending back the cookie it got in set-cookie on the next request? – Gerrit May 01 '18 at 20:29
  • Is the php5 Apache module, I tested your " " and returns me the right user for each virtualhost. I checked the cookie in browser: In the problematic virtualhost doesn't write the cookie but in the right virtualhost yes. – Xilver266 May 02 '18 at 06:41
  • If the browser does not echo back the cookie it receives in set-cookie, then session cookies can't work at all. Are the path and other attributes like secure and expire in the set-cookie header correct? – Gerrit May 02 '18 at 07:34
  • Sry, didnt save my previous reply before: It seems that it was cause of session.cookie_secure, I setted to 0 and now both virtualhost works. Some idea of why in one virtualhost works and in another no? Thanks! – Xilver266 May 02 '18 at 08:03
  • If the cookie has a "secure" attribute, the browser will only echo it to a https url. Apparently your working virtual host was actually reachable over https. Or the application in the virtual host that worked changed the attribute to non-secure with a header edit or PHP instruction. – Gerrit May 02 '18 at 10:54

0 Answers0