Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Session::regenerateSessionId may cause warnings #9496

Closed
lekoala opened this issue Apr 24, 2020 · 5 comments
Closed

Session::regenerateSessionId may cause warnings #9496

lekoala opened this issue Apr 24, 2020 · 5 comments
Labels
affects/v4 impact/low type/bug

Comments

@lekoala
Copy link
Contributor

lekoala commented Apr 24, 2020

Affected Version

4.5.3

Description

Recently found this in my logs in production:

error-log.WARNING: E_WARNING: session_regenerate_id(): Cannot regenerate session id - session is not active {"code":2,"message":"session_regenerate_id(): Cannot regenerate session id - session is not active","file":".../vendor/silverstripe/framework/src/Control/Session.php","line":652}

This happens when sending password reset links

Steps to Reproduce

Get a password reset link, open an incognito window, paste the reset link (in my case, it's hidden by a tracking link from the mail api, so it triggers a redirect) : you get the warning

It may well be due to the incognito window freshly opened or the redirection from the mail api. In any case, it shouldn't happen

Possible ways to solve it:

  • prepend @ in front of the call (like in vendor\silverstripe\framework\src\Security\MemberAuthenticator\SessionAuthenticationHandler.php)
  • check if session is active, something like this seem to work fine for me in my current hotfix
if (!headers_sent() && session_status() == PHP_SESSION_ACTIVE) {
  session_regenerate_id(true);
}
@kinglozzer
Copy link
Member

Gah, we’ve already fixed this once (#9259), obviously not properly :(

Fancy submitting a PR @lekoala?

@dhensby
Copy link
Contributor

dhensby commented Apr 27, 2020

@kinglozzer your changes are in the 4.5.3 tag (https://github.com/silverstripe/silverstripe-framework/blob/4.5.3/src/Control/Session.php) - so I guess it means there's still an edge case to be dealt with?

@kinglozzer
Copy link
Member

Yeah I think I fixed one trigger for this bug, but not the root cause

lekoala added a commit to lekoala/silverstripe-framework that referenced this issue Apr 27, 2020
@lekoala
Fixes warning if session is not active
b38c35f 
See issue silverstripe#9496
@lekoala lekoala mentioned this issue Apr 27, 2020
Merged
@lekoala
Copy link
Contributor Author

lekoala commented Apr 27, 2020

Fancy submitting a PR @lekoala?

PR done! #9499

@dhensby dhensby mentioned this issue May 17, 2020
Closed
@kinglozzer
Copy link
Member

PR merged so this can be closed :D

lekoala added a commit to lekoala/silverstripe-framework that referenced this issue Mar 31, 2021
@lekoala
Fixes warning if session is not active
638e702 
Backport this change to SS3 silverstripe#9496

Recently got the issue on a old project
lekoala added a commit to lekoala/silverstripe-framework that referenced this issue Mar 31, 2021
@lekoala
Fixes warning if session is not active
0009bf8 
Backport this change to SS3 silverstripe#9496

Recently got the issue on a old project
@lekoala lekoala mentioned this issue Mar 31, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects/v4 impact/low type/bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lekoala @dhensby @kinglozzer