Archive for April, 2013

Suhosin Values in Magento

Posted: April 7, 2013 in .htaccess, Magento

Sometimes Magento admins face the issue of some values missing from the frontend even though the configuration would have shown to be saved from Backend. This could be due the limit in the number of values set by suhosin.

The common override for this issue is to have the following values set in .htaccess

php_value suhosin.mail.protect 0
php_value suhosin.memory_limit 128M
php_value 5000
php_value 500000
php_value suhosin.request.max_vars 5000
php_value suhosin.request.max_value_length 500000
php_flag suhosin.session.cryptua off

For php.ini use the variables without php_value or php_flag


We just had a client run into the same issue, and Magento was setup to let the database handle sessions (default is the filesystem). I was unable to login. It would just keep sending me to the login page, but I could see the URL was trying to parse at least. Occassionaly I would get in to the backend after trying to login 2-3 times in a row, but would still get “logged out” of the system.
To see what you have, or to change it, open up the following:
Look for this:
And change it to this:
If it’s already set to files, then there’s possibly another bug. After you’ve done this, make sure you delete the following directories:
And also delete all of the items in the core_session table.
You should be able to login and stay logged in now.

[error] [client] ALERT - Include filename 
is an URL that is not allowed (attacker '', 
file '/var/www/joomla/plugins/system/koowa/view/abstract.php', line 418)

To fix this add the following to your php.ini file if you are using suhosin :