Author Topic: Problems with .htaccess and suhosin.session.encrypt (Read 9568 times)

Mark · « **on:** September 21, 2009, 03:18:33 AM »

Hi,

like in previous version the shipped .htaccess file still causes an internal server error on my webserver. In 0.2 I could just delete the .htaccess file and everything seemed to work fine.

When I delete the .htaccess file in 0.3 I get the login screen but cannot log in. It seems like suhosin.session.encrypt causes the problem. This value is set to 1 on my webserver and I can't change it (not even with ini_set('suhosin.session.encrypt','0')).

Any ideas?

Mark

tofinoguy · « **Reply #1 on:** September 23, 2009, 02:29:05 PM »

Set suhosin.session.encrypt to 0 in php.ini. Most web hosts allow you to edit this file.

Mark · « **Reply #2 on:** September 24, 2009, 07:33:29 AM »

Thanks tofinoguy. Unfortunately I do not have direct access to php.ini. I can only change some of the settings like magic_quotes_gpc or register_globals.

Meanwhile I tested RC 0.3 on the servers of three different webspace providers. All three have suhosin.session.encrypt set to 1, on two of them the .htaccess file caused an internal server error (500).

BTW what is suhosin.session.encrypt good for?

dano · « **Reply #3 on:** September 24, 2009, 12:04:40 PM »

Have you tried dropping a php.ini file into the root RC directory and putting all of the PHP settings in there? This works depending on how the server is set up of course.

Here is mine (I remove all the attachment limits and let the system take care of that):

Code: [Select]

display_errors = Off
log_errors = On
error_log = logs/errors

zlib.output_compression = Off
magic_quotes_gpc = 0
magic_quotes_runtime = 0
zend.ze1_compatibility_mode = 0
suhosin.session.encrypt = Off

session.auto_start = 0
session.gc_maxlifetime = 21600
session.gc_divisor = 500
session.gc_probability = 1

mbstring.func_overload = 0

Mark · « **Reply #4 on:** September 25, 2009, 03:40:52 AM »

Dropping a php.ini file has no effect.