PHP session.upload_progress在Linux / cPanel / Apache环境中不起作用(在Windows中工作)

Sorry for yet another question about the session upload_progress freature in PHP, but it has me stumped. I developed a prototype file upload facility on a Windows server and the progress feature worked just fine. But when I moved the prototype to our Linux server, it didn't work. The progress array never appears in the $_SESSION superglobal, though the files transfer without issue.

Here is the environment:

  • Apache version: 2.2
  • PHP version: 5.4.31
  • Server API: Apache 2.0 Handler (not CGI!)

Here are the session variables:

  • session.upload_progress.cleanup: Off (turned off so I could check $_SESSION after the transfer)
  • session.upload_progress.enabled: On
  • session.upload_progress.freq: 1000
  • session.upload_progress.min_freq: 1
  • session.upload_progress.name: PHP_SESSION_UPLOAD_PROGRESS
  • session.upload_progress.prefix: upload_progress_

Here are my core file transfer settings:

  • post_max_size: 0
  • upload_max_filesize: 0
  • max_input_time: -1
  • max_execution_time: -1
  • output_buffering: 4096

(I set the output_buffering parameter to match the setting on the Windows server where the upload progress worked. Initially, it had "no value" on the Linux server).

Here is the HTML that sets up the form:

<form name="UploadForm" id="UploadForm" method="post" enctype="multipart/form-data">
<input type="hidden" name="<?php echo ini_get('session.upload_progress.name');?>" id="<?php echo ini_get('session.upload_progress.name');?>" value="1" />
Enter a note to be sent along with your file:<br />
<textarea name="UploadNote" id="UploadNote" rows="5" cols="50"></textarea><br /><br />
<div style="border: thin solid black; padding: 10px;">
Choose the file you wish to transfer and then click the "Upload" button.
<input type="file" name="UploadFile" id="UploadFile" />
<br /><br /><input type="button" id="SubButton" value="Upload" onclick="submit_form('SU')" />

The PHP program to retrieve the uploaded file is launched in a hidden iframe. The status checking program is called every 1.5 seconds via jQuery/Ajax.

Like I said, the upload_progress code worked on a Windows server and was moved unchanged to the Linux server. Some of the things I've since checked:

  • The session integrity is fine. I added my own session variable in the main program (that sets up the form) and was able to retrieve it in the status program and the upload program (running in the iframe). The session IDs are all the same.
  • Nothing outside of my $_SESSION item ever gets added to $_SESSION.
  • Again, the file transfers themselves work fine.
  • Some other SO posts pointed to possible issues involving the buffering of POST data by Apache so PHP only receives the file when it's completely uploaded. Would that cause the upload progress array to never be posted in $_SESSION? I read that mod-security could be interposed in the transfer of POST data. So I temporarily disabled mod-security in my Apache virtual host, but that unfortunately didn't help.

I have to think there is some module that is part of the standard cPanel Apache build that is affecting the operation of the session.upload_progress feature. Does anyone have any suggestions of what to try? Thanks very much.

I know its an old thread but I'll leave this here for other coming across the same problem. It is indeed mod_security interfering with the session.upload. SecRequestBodyAccess needs to be set to Off for session.uploads to work. The reason being is that SecRequestBodyAccess buffers the page output so mod_security can process the page.

Mod Security Documentation SecRequestBodyAccess