Joomla! Issue Tracker | Joomla! CMS #19199 - Fix PHP Warning for Session on PHP 7.2

? ?

Fixed in Code Base
13 Feb 2018
Medium
Build: staging
# 19199
Diff
joomdonation:patch-10

Pending

User tests: Successful: Unsuccessful:

joomdonation
28 Dec 2017

Pull Request for Issue #19127 .

Summary of Changes

This is an attempt to fix issue #19127. If you login on a Joomla website runs on PHP 7.2, check error logs, you will see warning like below:

[Thu Dec 28 22:04:15.331696 2017] [php7:warn] [pid 8128:tid 1900] [client ::1:65187] PHP Warning: session_set_save_handler(): Cannot change save handler when session is active in D:\www\joomla\libraries\joomla\session\storage.php on line 106, referer: http://localhost/joomla/
[Thu Dec 28 22:04:15.331696 2017] [php7:warn] [pid 8128:tid 1900] [client ::1:65187] PHP Warning: session_set_cookie_params(): Cannot change session cookie parameters when session is active in D:\www\joomla\libraries\src\Session\Session.php on line 807, referer: http://localhost/joomla/

Honestly, I am unsure about quality of the fix. This fix is just simply removes codes base on warnings throws by PHP.

I also remove $this->_handler->start(); because after calling $this->_handler->regenerate(true, null);, session is already started, so I don't see the need for calling $this->_handler->start(); again

Testing Instructions

You need to have a Joomla website run on PHP 7.2
Login, then check error logs, confirm the warnings above
Apply patch, check and confirm the warnings not happen anymore
Try to login, logout, make sure it is still working as expected.

Additional comments

I also tested on my own extension and confirm that session data still keep after logged in. I also checked data in database myself and see that new session id is generated. Not sure if I miss anything else.

Votes

# of Users Experiencing Issue

1/1

Average Importance Score

3.00

fe33424 28 Dec 2017

Fix PHP Warning for Session on PHP 7.2

joomdonation - open - 28 Dec 2017

joomdonation - change - 28 Dec 2017

Status

New

⇒

Pending

joomla-cms-bot - change - 28 Dec 2017

Category

⇒

Libraries

mbabker - comment - 28 Dec 2017

Not sure if I miss anything else.

You have removed all calls to code handling the session cookie. This is the part you are missing in validating that your fix has no side effects. I also have no idea what the "Re-register the session store after a session has been destroyed, to avoid PHP bug" comment refers to (and the commit introducing it has no contextual value) but I'd suggest this could imply there either was a PHP bug that was fixed or an active issue regarding a call to session_set_save_handler() that needed to be looked at here.

joomdonation - comment - 28 Dec 2017

You have removed all calls to code handling the session cookie

There are two reasons I removed it:

The warning message from PHP tells us to not do that

session_set_cookie_params(): Cannot change session cookie parameters when session is active in

As I understand, it is set here https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/session/handler/joomla.php#L59 already

joomdonation - comment - 28 Dec 2017

For the comment in the code Re-register the session store after a session has been destroyed, to avoid PHP bug, I am unsure too as before that, we already check and only run other code if session is active https://github.com/joomla/joomla-cms/blob/staging/libraries/src/Session/Session.php#L794

wilsonge - comment - 28 Dec 2017

@johanjanssens I don't suppose you can provide any insight here :)

mbabker - comment - 28 Dec 2017

I get what you're trying to do, but you also said "I'm not entirely sure about this" basically and just looking at the code and seeing what's removed all I can comment on is possible side effects that need to be looked for.

joomdonation - comment - 28 Dec 2017

Yes, It is just an attempt and unsure PR as I mentioned. Hopefully, we can come up with a proper fix as it is not nice to see warning like that. It is not only logged in error logs but I also see it on the screen when I open the site after closing it sometime (guess that's the time Joomla logins by cookie)

joomdonation - comment - 29 Dec 2017

@mbabker @wilsonge I think I know the reasons of the strange code now. If you view the code from Johan commit

joomla-cms/libraries/joomla/environment/session.php

Line 409 in fdb3e55

function fork()

, you will see that he calls session_destroy()

joomla-cms/libraries/joomla/environment/session.php

Line 430 in fdb3e55

session_destroy();

to destroy the original session

That explains why he had to call $this->_handler->register(); again with that comment in the code. I guess later, when someone refactored the code, he forgot to remove these not necessary code.

So here is the summary:

We don't need to call session_set_cookie_params again because from PHP documentation:

Set cookie parameters defined in the php.ini file. The effect of this function only lasts for the duration of the script. Thus, you need to call session_set_cookie_params() for every request and before session_start() is called.

We already call that method here https://github.com/joomla/joomla-cms/blob/staging/libraries/joomla/session/handler/joomla.php#L59 when initialize application, so no need to call it again when login happens

The code $this->_store->register(); can be removed because:

PHP tells us to do that
We now know the reason why the code is there (original code call session_destroy()) in fork() method

I think this change is valid now. If people want to test it, what do they need to test to make sure this change doesn't cause any side affects:

Login, logout works
Session data before login is kept after login (I am not sure how to test it using Joomla core, I can only test it in my own extension)

3fb31b9 30 Dec 2017

joomdonation - change - 30 Dec 2017

Labels

Added: ?

Quy - comment - 7 Jan 2018

Update description: Create a new session and copy variables from the old one

joomdonation - comment - 7 Jan 2018

Could you please explain more about your last comment? it is not clear to me

Quy - comment - 7 Jan 2018

See line 786 for description of this method. Is this copy variables from the old one still applicable with the deleted lines?

joomdonation - comment - 7 Jan 2018

To me, the deleted lines were there by mistakes, see my earlier comment #19199 (comment) . So the description of the method should remain unchanged

Quy - test_item - 14 Jan 2018 - Tested successfully

Quy - comment - 14 Jan 2018

I have tested this item ✅ successfully on 3fb31b9

It appears to be working. I see no side effects.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19199.}

csthomas - comment - 20 Jan 2018

I have tested this item ✅ successfully on 3fb31b9

Tested on php 5.6.33, 7.0 and 7.2

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19199.}

csthomas - test_item - 20 Jan 2018 - Tested successfully

franz-wohlkoenig - change - 20 Jan 2018

Status

Pending

⇒

Ready to Commit

franz-wohlkoenig - comment - 20 Jan 2018

Ready to Commit after two successful tests.

sshcli - comment - 24 Jan 2018

In my humble opinion, this fix should be merged asap and release J3.8.4
This is a very annoying php warning for those using PHP 7.2

mbabker - change - 13 Feb 2018

Status	Ready to Commit	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2018-02-13 00:03:34
Closed_By		⇒	mbabker
Labels	Added: ?

mbabker - close - 13 Feb 2018

mbabker - merge - 13 Feb 2018

grantiago - comment - 3 Mar 2018

I have tested this item ✅ successfully on 3fb31b9

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19199.}

grantiago - test_item - 3 Mar 2018 - Tested successfully

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#19199] - Fix PHP Warning for Session on PHP 7.2

Summary of Changes

Testing Instructions

Additional comments

Votes

Add a Comment