Move each php session to a private destination

diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index 96efddc21c64155cd2c34f29f0b453e62a91fe33..6237e06b9df49cb86018619a03d9171b6fc52242 100644 (file)
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -228,6 +228,9 @@
       # FIXME: move session files to separate dirs
       # /!\ phppackage is used in nextcloud configuation
       phpOptions = ''
+        session.save_path = "/var/lib/php/sessions"
+        session.gc_maxlifetime = 60*60*24*15
+        session.cache_expire = 60*24*30
         ; For nextcloud
         extension=${pkgs.phpPackages.redis}/lib/php/extensions/redis.so
         ; For nextcloud
@@ -269,6 +272,9 @@
       nextcloud = mypkgs.nextcloud.activationScript;
       httpd = ''
         install -d -m 0755 /var/lib/acme/acme-challenge
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/adminer
+        install -d -m 0750 -o wwwrun -g wwwrun /var/lib/php/sessions/mantisbt
         '';
       redis = ''
         mkdir -p /run/redis

diff --git a/virtual/packages/adminer.nix b/virtual/packages/adminer.nix
index 034f0d47124d0aa5d6574ab79090714b1ad931d3..d2800aae7b14c876b9a004e13ce5dcf536898975 100644 (file)
--- a/virtual/packages/adminer.nix
+++ b/virtual/packages/adminer.nix
@@ -26,7 +26,10 @@ let
         pm.max_children = 5
         pm.process_idle_timeout = 60
         ;php_admin_flag[log_errors] = on
+        ; Needed to avoid clashes in browser cookies (same domain)
+        php_value[session.name] = AdminerPHPSESSID
         php_admin_value[open_basedir] = "${webRoot}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/adminer"
         '';
     };
     apache = {

diff --git a/virtual/packages/aten.nix b/virtual/packages/aten.nix
index 8251b31c490bd2ea5ed0d53d63f13112eb65adc0..d67f7b7c8587eb64b657641eb0a23ef3dcc5f43d 100644 (file)
--- a/virtual/packages/aten.nix
+++ b/virtual/packages/aten.nix
@@ -16,6 +16,7 @@ let
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
         pm.max_children = 5
@@ -80,6 +81,7 @@ let
       deps = [ "wrappers" ];
       text = ''
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       if [ ! -f "${varDir}/currentWebappDir" -o \
           "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
         pushd ${webappDir} > /dev/null

diff --git a/virtual/packages/chloe.nix b/virtual/packages/chloe.nix
index a867bf207ce712228c61af2c9ee3ec1ec4b36352..863331772fc9e8edcbe605826861582d2b4ec5ff 100644 (file)
--- a/virtual/packages/chloe.nix
+++ b/virtual/packages/chloe.nix
@@ -22,6 +22,7 @@ let
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${./spip_mes_options.php}:${configDir}:${webRoot}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         env[SPIP_CONFIG_DIR] = "${configDir}"
         env[SPIP_VAR_DIR] = "${varDir}"
         env[SPIP_SITE] = "chloe-${environment}"
@@ -92,6 +93,7 @@ let
       deps = [ "wrappers" ];
       text = ''
         install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} ${varDir}/IMG ${varDir}/tmp ${varDir}/local
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       '';
     };
     configDir = ./chloe_config;

diff --git a/virtual/packages/connexionswing.nix b/virtual/packages/connexionswing.nix
index 7f7dc16b397267be0339e31c56c37ec8914dbc87..199c89327f0dc78b1e68d1dd76de4b4ea633de3e 100644 (file)
--- a/virtual/packages/connexionswing.nix
+++ b/virtual/packages/connexionswing.nix
@@ -38,6 +38,7 @@ let
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
         pm.max_children = 5
@@ -135,6 +136,7 @@ let
         ${varDir}/medias \
         ${varDir}/uploads \
         ${varDir}/var
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       if [ ! -f "${varDir}/currentWebappDir" -o \
           "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
         pushd ${webappDir} > /dev/null

diff --git a/virtual/packages/ludivinecassal.nix b/virtual/packages/ludivinecassal.nix
index c0787228133e31202556078050b884eefa42e982..eabb8fafc2b6e16855c364fa6b68665ee750b3a8 100644 (file)
--- a/virtual/packages/ludivinecassal.nix
+++ b/virtual/packages/ludivinecassal.nix
@@ -53,6 +53,7 @@ let
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
         pm.max_children = 5
@@ -137,6 +138,7 @@ let
       deps = [ "wrappers" ];
       text = ''
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       if [ ! -f "${varDir}/currentWebappDir" -o \
           "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
         pushd ${webappDir} > /dev/null

diff --git a/virtual/packages/mantisbt.nix b/virtual/packages/mantisbt.nix
index 82fc8ad15e8f424f957046311a9ceae17b69b7a8..335cb7d33fe0f41360f8ef9346cc58a632d8f380 100644 (file)
--- a/virtual/packages/mantisbt.nix
+++ b/virtual/packages/mantisbt.nix
@@ -116,6 +116,7 @@ let
         php_admin_value[upload_max_filesize] = 5000000
 
         php_admin_value[open_basedir] = "${basedir}:/tmp"
+        php_admin_value[session.save_path] = "/var/lib/php/sessions/mantisbt"
         '';
     };
   };

diff --git a/virtual/packages/nextcloud.nix b/virtual/packages/nextcloud.nix
index e39868ac231b02180162f5c18576ea5c7b696870..5e9a927214b163de3ced56a2b2c249fc19f4f0ef 100644 (file)
--- a/virtual/packages/nextcloud.nix
+++ b/virtual/packages/nextcloud.nix
@@ -198,6 +198,7 @@ let
       deps = [ ];
       text = ''
         install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir}
+        install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       '';
     };
     apache = {
@@ -253,6 +254,7 @@ let
         php_admin_value[memory_limit] = 512M
 
         php_admin_value[open_basedir] = "${basedir}:/proc/meminfo:/dev/urandom:/proc/self/fd:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         '';
     };
   };

diff --git a/virtual/packages/piedsjaloux.nix b/virtual/packages/piedsjaloux.nix
index 819bafbc79aeea09b76dd2285dff782005f980db..1c3d8b765433c786816858efd820ed25f4732fc1 100644 (file)
--- a/virtual/packages/piedsjaloux.nix
+++ b/virtual/packages/piedsjaloux.nix
@@ -38,6 +38,7 @@ let
         php_admin_value[post_max_size] = 20M
         ;php_admin_flag[log_errors] = on
         php_admin_value[open_basedir] = "${configRoot}:${webappDir}:${varDir}:/tmp"
+        php_admin_value[session.save_path] = "${varDir}/phpSessions"
         ${if environment == "dev" then ''
         pm = ondemand
         pm.max_children = 5
@@ -123,6 +124,7 @@ let
       text = ''
       install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \
         ${varDir}/tmp
+      install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
       if [ ! -f "${varDir}/currentWebappDir" -o \
           "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ]; then
         pushd ${webappDir} > /dev/null