Contents of /var/log/apache2/error.log

PHP Fatal error: session_start(): Failed to initialize storage module: user (path: severus_session) in /usr/share/phpmyadmin/libraries/ on line 86

I have been trying to enable database sessions on my ubuntu server installation and began to see this error in my log after updating packages for phpmyadmin and having trouble acessing phpMyAdmin via the browser.

I solved my problem by adding the following two lines of code which override my php session.save_handler with the database functions being used.




/* vim: set expandtab sw=4 ts=4 sts=4: */
* session handling
* @todo add failover or warn if sessions are not configured properly
* @todo add an option to use mm-module for session handler
* @package PhpMyAdmin
* @see
if (! defined('PHPMYADMIN')) {

// verify if PHP supports session, die if it does not

if (!@function_exists('session_name')) {
PMA_warnMissingExtension('session', true);
} elseif (ini_get('session.auto_start') == true && session_name() != 'phpMyAdmin') {
// Do not delete the existing session, it might be used by other
// applications; instead just close it.

// disable starting of sessions before all settings are done
// does not work, besides how it is written in php manual
//ini_set('session.auto_start', 0);

// session cookie settings
0, $GLOBALS['PMA_Config']->getCookiePath(),
'', $GLOBALS['PMA_Config']->isHttps(), true

// cookies are safer (use @ini_set() in case this function is disabled)
@ini_set('session.use_cookies', true);

// optionally set session_save_path
$path = $GLOBALS['PMA_Config']->get('SessionSavePath');
if (!empty($path)) {

// but not all user allow cookies
@ini_set('session.use_only_cookies', false);
// do not force transparent session ids, see bug #3398788
//@ini_set('session.use_trans_sid', true);
//ini_set('arg_separator.output', '&');

// delete session/cookies when browser is closed
@ini_set('session.cookie_lifetime', 0);

// warn but dont work with bug
@ini_set('session.bug_compat_42', false);
@ini_set('session.bug_compat_warn', true);

// use more secure session ids
@ini_set('session.hash_function', 1);

// some pages (e.g. stylesheet) may be cached on clients, but not in shared
// proxy servers

// start the session
// on some servers (for example,, we get a permission error
// on the session data directory, so I add some "@"

// See bug #1538132. This would block normal behavior on a cluster
//@ini_set('session.save_handler', 'user');

$session_name = 'phpMyAdmin';

if (! isset($_COOKIE[$session_name])) {
// on first start of session we check for errors
// f.e. session dir cannot be accessed - session file not created
$orig_error_count = $GLOBALS['error_handler']->countErrors();
$r = session_start();
if ($r !== true
|| $orig_error_count != $GLOBALS['error_handler']->countErrors()
) {
setcookie($session_name, '', 1);
* Session initialization is done before selecting language, so we
* can not use translations here.
PMA_fatalError('Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly. Also ensure that cookies are enabled in your browser.');
} else {

* Token which is used for authenticating access queries.
* (we use "space PMA_token space" to prevent overwriting)
if (! isset($_SESSION[' PMA_token '])) {
$_SESSION[' PMA_token '] = md5(uniqid(rand(), true));

* tries to secure session from hijacking and fixation
* should be called before login and after successfull login
* (only required if sensitive information stored in session)
* @return void
function PMA_secureSession()
// prevent session fixation and XSS
$_SESSION[' PMA_token '] = md5(uniqid(rand(), true));