Session directory on v8 is outside of SuiteCRM root

Reviewing my file directories for permissions, I noticed a tmp directory above the root directory of SuiteCRM. The sess_ files are located here with permissions of 600. I confirmed the files are written when a login is performed. I checked the config file and the sess_dir setting is '' or blank. What is weird is that my SuiteCRM root is /home/crm/public_html and this session directory is /home/crm/tmp.

I don’t understand how the sessions are stored above my Suitecrm root and why they have a file permission of 600.

Check your php.ini

And google for session.save_path

Yes, that is the answer for the directory location. Interesting, the directory was full of old login sessions. It appears that whatever is creating the session is unable to delete the old ones. The old ones should be removed when you log out. I suspect this may be one of the reported login/logout issue problem sources.

Permissions as 600 is standard for that directory to ensure only the owner can read or write that bit of security-critical information.

The owner should be the web server process (like www-data on Ubuntu, but may vary), and you might need to tweak the SetUID, SetGID and Sticky bits on the parent directory if you get trouble with the new files getting created in there.

Mine looks like this:

$ sudo ls -al /var/lib/php/
total 0
drwxr-xr-x 1 root root 4096 Apr 23  2018 .
drwxr-xr-x 1 root root 4096 May 21  2020 ..
drwxr-xr-x 1 root root 4096 Dec 23  2019 modules
drwx-wx-wt 1 root root 4096 May 10 19:39 sessions

And then the files inside it look like this:

-rw------- 1 www-data www-data  55944 May 17  2022 sess_u1aqmhaqqdhe2uakd55bpfo640
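
Added example, not part of any post in this thread: a small shell audit of the directory that session.save_path points at. It lists sess_ files whose mode is not 600 and files older than PHP's default session.gc_maxlifetime of 1440 seconds (24 minutes), which is the leftover-session symptom described above. The function names and the script name in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a PHP file-session directory.
# Assumptions: the directory passed in is what session.save_path resolves
# to; function names are illustrative. Run as a user that can list the
# directory (root for a root-owned drwx-wx-wt directory).

# sess_ files whose mode is not exactly 600.
loose_sessions() {
    find "$1" -maxdepth 1 -type f -name 'sess_*' ! -perm 600
}

# sess_ files not modified for more than $2 minutes.
# Default 24 min = PHP's default session.gc_maxlifetime (1440 s).
stale_sessions() {
    find "$1" -maxdepth 1 -type f -name 'sess_*' -mmin +"${2:-24}"
}

# Succeeds when "other" users cannot list the directory
# (no read bit for others, as in drwx-wx-wt).
dir_listing_blocked() {
    [ -n "$(find "$1" -maxdepth 0 -type d ! -perm -004)" ]
}

audit_session_dir() {
    dir=$1
    if dir_listing_blocked "$dir"; then
        echo "OK:   $dir is not listable by other users"
    else
        echo "WARN: $dir is listable by other users"
    fi
    echo "sess_ files with mode other than 600: $(loose_sessions "$dir" | wc -l)"
    echo "sess_ files older than gc_maxlifetime: $(stale_sessions "$dir" "${2:-24}" | wc -l)"
}

# Usage: sh audit_sessions.sh /home/crm/tmp
if [ -n "${1:-}" ]; then
    audit_session_dir "$1"
fi
```

A steadily growing stale count means nothing is garbage-collecting expired sessions in that directory.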