Topic: php gzip and session.use_trans_sid

[jameswilson]

Im trying to install a php app into an ibay

im coming accross a couple of issues.

one is
PHP session.use_trans_sid = ON    and this should be off apparently

is this right?

also
PHP Output Buffering (gzip) = OFF

im assuming this would be better on?

I have searched google and the forums and only found a possible solution to problem one by using htaccess file. However im concerned about the things that are in other ibays?

Many thanks
James

[jameswilson]

Just found another i cant seem to correct

PHP open_basedir restrictions = /home/e-smith/files/ibays/xxx

this isnt an error but it isnt right according to the config. I presume this isnt anything to worry about? All the info i can find on google etc seems to suggest i should modify the php config to point to the www. I dont think i want to do this with sme?

James

**edit
Found relevant info here
http://wiki.contribs.org/PHP

however when i do
db accounts getprop ibayname PHPBaseDir

Nothing is returned.

I assume i need to tell it to use the cgi directory for that ibay?

[jameswilson]

sorted the base redirection issue
http://wiki.contribs.org/Useful_Commands

set it to /tmp.

[cactus]

one is
PHP session.use_trans_sid = ON    and this should be off apparently

is this right?

That depends on the application AFAICT.

PHP Output Buffering (gzip) = OFF

im assuming this would be better on?

That depends on your servers resources and the neccesarry libraries being installed and configured properly IIRC. This would enable the server to compress responses to the clients (only for http traffic IIRC).

I have searched google and the forums and only found a possible solution to problem one by using htaccess file. However im concerned about the things that are in other ibays?

That could be an option indeed. You can then use the php_admin_flag/value to change the settings. Other ways are to use an include script in your application and use ini_get and ini_set if possible.

[jameswilson]

cactus
I would rather have global options for all ibays, rather than per ibay settings for most things.
Id also prefer the config to be set rather than use htaccess files

IS there a problem with sme if i turn the use_trans_id off?
re the gzip php thing, id like to turn it on, is this a template thing or a db setting?

Many Thanks Cactus

[cactus]

I would rather have global options for all ibays, rather than per ibay settings for most things.

My impression was you were after individual, per ibay settings. If that is not the case you can perhaps modify the database entries for the PHP service if present, otherwise you will have to resort to custom template fragments for php.ini.

IS there a problem with sme if i turn the use_trans_id off?

I don't know, never tried it. I only know it relates to cookies IIRC. I am unsure what is the benefit of turning it off? Do you know?

re the gzip php thing, id like to turn it on, is this a template thing or a db setting?

I do not have access to my test servers so I can not check it for you. My guess is that the gzip setting needs to be resolved with a custom template fragment. To be sure check the fragments in /etc/e-smith/templates/etc/php. If there is an indication that it can be done using a database key than you won't need the custom template route.

[jameswilson]

I have no idea what it does and cant really find any 'understandable' info on the web. Im sure its there but i suppose thats why i use and love sme, i just dont need to know (usually lol)

I prefer to keep things as stock as possible, and it always worries me whenever an app needs something different to sme settings. It was set the way it was for a reason, and usually to protect my system from me. SO i dont like changing things just on a whim.

James

[jameswilson]

I do not have access to my test servers so I can not check it for you. My guess is that the gzip setting needs to be resolved with a custom template fragment. To be sure check the fragments in /etc/e-smith/templates/etc/php. If there is an indication that it can be done using a database key than you won't need the custom template route.

I have checked all the templates for php and none of them have the gzip setting. I presume im going to need to create a custom fragment.

James

[jameswilson]

Follow up.
Couldnt find how to do it with a fragment etc so i added the following to the .htaccess file

php_flag session.use_trans_sid off
php_value output_buffering on

I also added

<ifModule mod_gzip.c>
  mod_gzip_on Yes
  mod_gzip_dechunk Yes
  mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
  mod_gzip_item_include handler ^cgi-script$
  mod_gzip_item_include mime ^text/.*
  mod_gzip_item_include mime ^application/x-javascript.*
  mod_gzip_item_exclude mime ^image/.*
  mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
<ifModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 seconds"
  ExpiresByType text/html "access plus 1 seconds"
  ExpiresByType image/gif "access plus 2592000 seconds"
  ExpiresByType image/jpeg "access plus 2592000 seconds"
  ExpiresByType image/png "access plus 2592000 seconds"
  ExpiresByType text/css "access plus 604800 seconds"
  ExpiresByType text/javascript "access plus 216000 seconds"
  ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifModule>
<ifModule mod_headers.c>
  <filesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
    Header set Cache-Control "max-age=2592000, public"
  </filesMatch>
  <filesMatch "\\.(css)$">
    Header set Cache-Control "max-age=604800, public"
  </filesMatch>
  <filesMatch "\\.(js)$">
    Header set Cache-Control "max-age=216000, private"
  </filesMatch>
  <filesMatch "\\.(xml|txt)$">
    Header set Cache-Control "max-age=216000, public, must-revalidate"
  </filesMatch>
  <filesMatch "\\.(html|htm|php)$">
    Header set Cache-Control "max-age=1, private, must-revalidate"
  </filesMatch>
</ifModule>
<ifModule mod_headers.c>
  Header unset ETag
</ifModule>
FileETag None

James

[cactus]

Make sure you have loaded the affected modules (mod_gzip, mod_expires and mod_headers) using the LoadModule directive otherwise your changes will have no effect at all.

I miss that in your changes, but perhaps you might have loaded them (already).

[annyphp]

More PHP gzip you can check

[piran]

Server-wide gzip is good, in fact it's brilliant. Output buffering
is needed otherwise you get a _headers already sent_ error.
The internet should've come with gzip built in ...it's that good.

Code: [Select]

php_value session.use_only_cookies 1
php_value session.use_trans_sid 0Some browsers and just about all search engines' bots have
cookies turned off which leads to ?PHPSESSID stuff getting
appended to your site's URLs. This looks bad in the listings
and an almighty pain to get the search engines to drop.
Use the stuff in .htaccess for a per iBay site and in a
httpd PHP fragment for all iBays - as per usual.

My notes also say...
The session.use_only_cookies stuff specifies whether the
module will only use cookies to store the session id on the
client side. Defaults to 0 (disabled, for backward compatibility).
Enabling this setting prevents attacks involved passing the
session ids in URLs. This setting was added in PHP 4.3.0.
http://www.php.net/manual/en/ref.session.php

See also...
http://www.ragepank.com/articles/26/disable-phpsessid/

[chris burnat]

Moving to General Discussions where it is probably more appropriate.