
Session validation failed #25


Closed
YuChuanchun opened this issue Aug 8, 2017 · 7 comments

YuChuanchun commented Aug 8, 2017

(userdemo) When I press F12 in Chrome and then refresh the page, it reports a "Session validation failed" exception.


SidiaDevelopment commented Aug 15, 2017

Do you have user agent spoofing (mobile spoofing) active? The session gets validated by user agent.


Mecanik commented May 1, 2018

This is because you have in your config:

    'session_manager' => [
        // Session validators (used for security).
        'validators' => [
            RemoteAddr::class,
            HttpUserAgent::class,
        ]
    ],

Comment out "HttpUserAgent::class" and you will get rid of the error, because there is a bug.

Alternatively, use my fix:

Module.php

    /**
     * This method is called once the MVC bootstrapping is complete and allows
     * to register event listeners.
     */
    public function onBootstrap(MvcEvent $event)
    {
        $sessionManager = $event->getApplication()->getServiceManager()->get('Zend\Session\SessionManager');

        $this->forgetInvalidSession($sessionManager);
    }

    protected function forgetInvalidSession($sessionManager)
    {
        try {
            $sessionManager->start();
            return;
        } catch (\Exception $e) {
        }
        /**
         * Session validation failed: toast it and carry on.
         */
        // @codeCoverageIgnoreStart
        session_unset();
        // @codeCoverageIgnoreEnd
    }
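
An added example, not code from this thread or from Zend/Laminas: a framework-free model of what the `RemoteAddr` and `HttpUserAgent` validators check, showing why a User-Agent that changes mid-session (user agent spoofing switched on in the browser) fails validation, and what discarding the invalid session involves. `SessionModel`, its methods and the request arrays are hypothetical and constructed for illustration; issuing a new session ID on reset is an assumption that goes beyond the `session_unset()` call above.

```php
<?php
// Hypothetical model of a session validator chain (not Zend/Laminas API):
// each validator pins a request value at session creation and compares later.
final class SessionModel
{
    // validator name => $_SERVER key it checks
    private const VALIDATORS = ['RemoteAddr' => 'REMOTE_ADDR', 'HttpUserAgent' => 'HTTP_USER_AGENT'];
    public string $id;
    public array $data = [];
    private array $pinned = [];
    public function __construct() { $this->id = bin2hex(random_bytes(16)); }

    // Returns the names of validators whose pinned value no longer matches.
    public function failedValidators(array $server): array
    {
        $failed = [];
        foreach (self::VALIDATORS as $name => $key) {
            $current = (string) ($server[$key] ?? '');
            if (!array_key_exists($name, $this->pinned)) {
                $this->pinned[$name] = $current; // first request: pin it
            } elseif (!hash_equals($this->pinned[$name], $current)) {
                $failed[] = $name;
            }
        }
        return $failed;
    }

    // Goes one step past session_unset(): drops the data and the old ID too.
    public function reset(array $server): void
    {
        $this->data = $this->pinned = [];
        $this->id = bin2hex(random_bytes(16));
        $this->failedValidators($server); // re-pin to the current client
    }
}

// Constructed requests: same address, User-Agent switched mid-session.
$desktop = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0 (Desktop)'];
$mobile  = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_USER_AGENT' => 'ExampleBrowser/1.0 (Mobile)'];
$s = new SessionModel();
$s->failedValidators($desktop); // first request creates the session
$s->data['user'] = 'alice';
$failed = $s->failedValidators($mobile);
if ($failed !== []) {
    error_log('session validation failed: ' . implode(',', $failed));
    $s->reset($mobile);
}
var_dump($failed, $s->data, $s->failedValidators($mobile));
```

Logging which validator failed before resetting keeps a benign User-Agent switch distinguishable from a session cookie replayed by a different client.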

@olegkrivtsov
Owner

Seems like a try/catch handler is really required here: zendframework/zendframework#6390

@olegkrivtsov
Owner

Thanks @Mecanik, used your code. Fixed.

olegkrivtsov added a commit that referenced this issue May 2, 2018
@nanguisamuel

Hi @olegkrivtsov,
I use your tutorial for my personal project. But I'm stuck on one point:

I'm customizing Laminas Skeleton and adding a link (Fr|En) for translation. When clicking on the link I call an action which adds a variable (containing the selected language) to the session and then reloads the page to apply changes. The language variable in session is correctly set, but when the page is reloaded it is removed and I do not know why. Here is my module file:


<?php

/**
 * @see       https://github.com/laminas/laminas-mvc-skeleton for the canonical source repository
 * @copyright https://github.com/laminas/laminas-mvc-skeleton/blob/master/COPYRIGHT.md
 * @license   https://github.com/laminas/laminas-mvc-skeleton/blob/master/LICENSE.md New BSD License
 */

declare(strict_types=1);

namespace Application;

use Laminas\Mvc\MvcEvent;
use Laminas\Mvc\Controller\AbstractActionController;
use Application\Service\AuthManager;
use Application\Controller\AuthController;

use Laminas\Session\SessionManager;

class Module
{
    public function getConfig() : array
    {
        return include __DIR__ . '/../config/module.config.php';
    }


    public function onBootstrap(MvcEvent $event){
        // At startup, we initialize all our stuff here
        // Get event manager.
        $eventManager = $event->getApplication()->getEventManager();
        $sharedEventManager = $eventManager->getSharedManager();                

        // Register the event listener method. 
        $sharedEventManager->attach(AbstractActionController::class, 
                MvcEvent::EVENT_DISPATCH, [$this, 'onDispatch'], 100);





        $serviceManager = $event->getApplication()->getServiceManager();
        $sessionManager = $serviceManager->get(SessionManager::class);   

        $this->forgetInvalidSession($sessionManager);


        // Get language settings from session.
        $container = $serviceManager->get('I18nSessionContainer');

        $languageId = 'en_US';
        if (isset($container->languageId)){
            $languageId = $container->languageId;            
        }

        var_dump($container->languageId);

        \Locale::setDefault($languageId);

        $translator = $serviceManager->get('translator');
        $translator->addTranslationFile(
            'ini',                
            __DIR__ . '/../../../data/translations/'.$languageId.'.ini',
            'default',
            $languageId
        );


        $translator->addTranslationFilePattern(
            'ini',
            __DIR__ . '/../../../data/translations',
            '%s.ini',
            'default'
        );


        //\Laminas\Validator\AbstractValidator::setDefaultTranslator(new \Laminas\I18n\Translator\Translator($translator));


        //$this->forgetInvalidSession($sessionManager);
    }

    protected function forgetInvalidSession($sessionManager) 
    {
        try {
            $sessionManager->start();                    
            return;
        } catch (\Exception $e) {
        }
        /**
         * Session validation failed: toast it and carry on.
         */
        // @codeCoverageIgnoreStart
        //session_unset();
        // @codeCoverageIgnoreEnd
    }

    public function onDispatch(MvcEvent $event){       
        $controller = $event->getTarget();
        $controllerName = $event->getRouteMatch()->getParam('controller', null);       
        $actionName = $event->getRouteMatch()->getParam('action', null);        

        // Convert dash-style action name to camel-case. I don't think I need this one.
        $actionName = str_replace('-', '', lcfirst(ucwords($actionName, '-')));  



        // Get the instance of AuthManager service.
        $authManager = $event->getApplication()->getServiceManager()->get(AuthManager::class);

        // Execute the access filter on every controller except AuthController
        // (to avoid infinite redirect).       
        if ($controllerName!=AuthController::class && !$authManager->filterAccess($controllerName, $actionName)) {            
            return $controller->redirect()->toRoute('connexion'); // The route that was defined in the config file
        }


    }

}

My controller and action for switching language are here:

<?php
namespace Commun\Controller;
use Commun\Controller\NslabsAbstractController;
class LocaleController extends NslabsAbstractController
{

    public function switchLocaleAction()
    {        
        $locale = $this->post['locale'];                        
        if (empty($locale)) {
            $locale = 'fr';
        }

        $lang = $locale;


        switch ($lang) {
            case 'fr':
                $this->sessionManager->i18nSessionContainer->languageId = 'fr_FR';                   
                break;
            case 'en':
                $this->sessionManager->i18nSessionContainer->languageId = 'en_US';                 
                break;
            default :
                $this->sessionManager->i18nSessionContainer->languageId = 'fr_FR';
        }

        return new \Laminas\Http\Response();
    }


}

I have to say that all my controllers extend the AbstractActionController, in which I have added the ServiceManager and Session Manager as constructor params.

Any help would be really appreciated.


Mecanik commented Apr 27, 2020

I recommend that you change the language in "onRoute" rather than using the session. If you really want to use sessions, there is more that you must add/do than what you have.


nanguisamuel commented Apr 27, 2020 via email
