[#16481] - Use setcookie to solve php session warning
- Fixed in Code Base
- 15 Jun 2017
- Medium
- Build: staging
- # 16481
- Diff
- andrepereiradasilva:patch-25
- Success continuous-integration/drone/pr the build was successful Details
- Success continuous-integration/travis-ci/pr The Travis CI build passed Details
- Success continuous-integration/appveyor/pr AppVeyor build succeeded Details
- Pending JTracker/HumanTestResults Human Test Results: 1 Successful 0 Failed. Details
User tests: Successful: Unsuccessful:
Pull Request for Issue #16477.
Summary of Changes
PHP Files handler (and maybe other handlers) emit a warning when clearing the session.
This PR try to solves that.
Testing Instructions
- Use latest staging
- Login in backend
- Set the session handler to PHP (files handler)
- Set session timeout to 1 minute (for faster test)
- Wait around a minute
- Refresh the page you will get a php warning
Apply path and try again, should work.
Expected result
Working as usual.
Actual result
Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /path/to/joomla/staging/libraries/joomla/session/handler/native.php on line 260
Documentation Changes Required
None
| Status | New | ⇒ | Pending |
joomla-cms-bot
- | Category | ⇒ | Libraries |
ok, aditional info: in http://php.net/manual/en/function.session-id.php
If id is specified, it will replace the current session id. session_id() needs to be called before session_start() for that purpose. Depending on the session handler, not all characters are allowed within the session id. For example, the file session handler only allows characters in the range a-z A-Z 0-9 , (comma) and - (minus)!
IIRC we are MD5 hashing session names in the session instantiation code (no idea how that ties into ID generation). So it should be fine. Otherwise, with 3.8, I do see possible issues the default value uses the class name which now has a namespace separator (\) in it.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16481.
Can anyone put a releaase blocker label?
It is just a warning and doesn't limit the functionality of the website so this isn't a release blocker in my opinion.
I have tested this item
This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/16481.
| Status | Pending | ⇒ | Ready to Commit |
RTC after two successful tests.
@rdeutz
It is a bit more than a Warning.
I also get here
Error displaying the error page: Application Instantiation Error: Failed to start the session because headers have already been sent by "/Applications/MAMP/htdocs/testwindows/trunkgitnew/libraries/joomla/session/handler/native.php" at line 260.
patch tested OK
| Status | Ready to Commit | ⇒ | Fixed in Code Base |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2017-06-15 06:41:42 |
| Closed_By | ⇒ | rdeutz | |
| Labels |
Added:
?
|
||
Looks fine, but it is an issue we should look into some more to make sure there aren't any deeper problems.