06 July 2013, 22:52

I am not very technically minder but I have managed to install Mahara on my site but I do have an issue that perhaps someone could help with. I have successfully logged in as admin and changed to my own password. However, every time I want to view a page I have to log in again and when I return to the home page it says I am logged in. Can someone explain to me what might be the problem here? 

Also, I have this message on my admin page: "Your PHP session.entropy_length setting is too small. Set it to at least 16 in your php.ini to ensure that generated session IDs are random and unpredictable enough."  I can't seem to find this php.ini page in File Manager anywhere? Can someone let me know which folder it is to be found?

Many thanks in advance for you help,

Michael 

07 July 2013, 16:03

Hello Michael,

Can you please check that you have the correct URL set in your config.php file for Mahara for

$cfg->wwwroot

Also please ensure that the protocol http or https is the correct one.

The php.ini file is the one in your Apache server and thus cannot be found in the Mahara folder. In Ubuntu it is located at /etc/php5/apache2/php.ini. I hope that helps you to work out where you might find it.

Cheers

Kristina

07 July 2013, 21:24

Hello Kristina, 

Many thanks for your help. I managed to sort out the login problem as it seems that the path to my maharadata folder was incorrect. 

Thanks for the info about the php.ini file. I have managed to find the location of the php.ini file by creating a phpinfo file. It's at /etc/php53.ini.d/php.ini however when I try to access this file or directory using my ftp client it just says "no such file or directory" and if I use File Manager on my server there is only my Home and public folders and nothing else. Is it possible I don't have access to this file as I am not using a dedicated server?

Thanks in advance for all your help,

Michael

08 July 2013, 13:43

Hi Michael,

Yes, the php.ini file is a system configuration file, so if you're using shared hosting it's quite likely you don't have access to edit it. You'll need to contact your host provider to ask them about options. Some hosts will let you have your own personal php.ini file; others will let you override some php.ini files via a .htaccess file.

But hopefully you can convince your host providers to make the change system-wide, because it's a security best-practices recommendation from OWASP: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Entropy

However, Mahara will still run just fine even if you can't update your session.entropy_length. It just won't be quite as secure.

Cheers,

Aaron

09 July 2013, 1:40

Hi Aaron,

Many thanks for your response and help. It's very much appreciated. I will email my hosting company and see if they might be prepared to change this themselves. 

Regards,

Michael