You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

Pages: 1

#1 2023-05-20 21:09:27

Changemanager
Member
Registered: 2023-02-21
Posts: 40

¿PHP FPM bug?

Installing GLPI 10.0.7 on LAMP with PHP in FPM mode, in the "Checking of the compatibility of your environment with the execution of GLPI" step, it always gives the following alert:

"Security configuration for sessions. Ensure security is enforced on session cookies.
PHP directive 'session.cookie_secure' should be set to 'on' when GLPI can be accessed on HTTPS protocol.
PHP directive 'session.cookie_httponly' should be set to 'on' to prevent client-side scripts from accessing cookie values."

However, these parameters are edited in "/etc/php/8.1/apache2/php.ini" from a previous installation in demo mode, and also in "/etc/php/8.1/fpm/php.ini". In both files, it is set as "session.cookie_httponly = on" and "session.cookie_secure = on".

root@srglpi1:/etc/php/8.1/fpm/conf.d# grep cookie_secure /etc/php/8.1/fpm/php.ini
session.cookie_secure = on
root@srglpi1:/etc/php/8.1/fpm/conf.d# grep session.cookie_httponly /etc/php/8.1/fpm/php.ini
session.cookie_httponly = on


Is this a bug or do I have something misconfigured?

I noticed that in normal PHP mode, the php.ini file is located in "/8.1/apache2/php.ini", whereas with FPM, there is no "apache2" folder. Apart from that, everything seems the same.

Last edited by Changemanager (2023-05-20 21:19:31)

Offline

#2 2023-05-20 21:22:09

Changemanager
Member
Registered: 2023-02-21
Posts: 40

Re: ¿PHP FPM bug?

it's OK.... only  : sudo systemctl restart php8.1-fpm and it's okey


Changemanager wrote:

Installing GLPI 10.0.7 on LAMP with PHP in FPM mode, in the "Checking of the compatibility of your environment with the execution of GLPI" step, it always gives the following alert:

"Security configuration for sessions. Ensure security is enforced on session cookies.
PHP directive 'session.cookie_secure' should be set to 'on' when GLPI can be accessed on HTTPS protocol.
PHP directive 'session.cookie_httponly' should be set to 'on' to prevent client-side scripts from accessing cookie values."

However, these parameters are edited in "/etc/php/8.1/apache2/php.ini" from a previous installation in demo mode, and also in "/etc/php/8.1/fpm/php.ini". In both files, it is set as "session.cookie_httponly = on" and "session.cookie_secure = on".

root@srglpi1:/etc/php/8.1/fpm/conf.d# grep cookie_secure /etc/php/8.1/fpm/php.ini
session.cookie_secure = on
root@srglpi1:/etc/php/8.1/fpm/conf.d# grep session.cookie_httponly /etc/php/8.1/fpm/php.ini
session.cookie_httponly = on


Is this a bug or do I have something misconfigured?

I noticed that in normal PHP mode, the php.ini file is located in "/8.1/apache2/php.ini", whereas with FPM, there is no "apache2" folder. Apart from that, everything seems the same.

Offline

Pages: 1

Board footer

Powered by FluxBB