Moving Exponent to a new server

[exponentcms]

I am in the process of moving a web site from an insecure server to a secure server in a different account. I have created a new MySQL database with the same parameters as the existing site, except for the IP address. I exported the current database and imported successfully into the new database. I registered a new domain name on the new server for testing and have uploaded all of the existing site content. Then I updated the conf.php with the new database IP address. The site worked fine, however there is one major issue:

• I can't log into the new site. After entering username and password it just drops back to the home page without login.

Although I haven't as yet updated the menu imbed file links to https the new site seems to have converted these dynamically.

The old site is at britishtrolley.org.uk and the new copy at british-trolley.org.uk. I guess I've missed something, but trawling through the site files doesn't show anything obvious. Version 2.4.1 level patch 5 PHP 5.6.

I then decided to try a new installation at the latest level. After deleting all files and uploading the new files, and clearing out the database, the installation ran fine until the last screen.

It asked for my login, and what I wanted to do. I selected import database, it then went to the screen in the attached file, not logged in, no menu, even though the original theme files are still there.

I can't see any permissions that look wrong.

Can you help please? Thanks.

[exponentcms]

I have done some more investigating and have established that if I do a new install of Exponent on the existing test platform it works fine. An identical install on the new platform does not allow me to log in, defaulting back to the home page.

The new platform is a Fasthosts cluster server. I have asked them to investigate why the two servers are reacting differently. Meanwhile are you able to let me know what are the dependencies for logging into Exponent please? Are there any file / folder permissions that may need changing? The cluster servers default to 700 and you can't change this via FTP. I have changed the folders as recommended in your installation guide to 775 via SSH with chmod.

[exponentcms]

Fasthosts denies that it's their problem but admit to changes to the new server configurations. I've attached them for you to compare and see if you can identify why login on the new server doesn't work. I've had a look down both and note the following:

• The additional ini files loaded is a little different
• Memory_limit on the new servers is 128M up from 64M
• The new server has a section called Memcached
• In the Session section, the new server shows registered_save_handlers, session_save_handler as memcached and the save path is different
• New server has a section called Zend Guard Loader
• There are differences in the PHP variables list

Not sure where I am in your queue, but would appreciate you getting back to me as I need to get this Exponent site ported to the new server fairly quickly. I hope to avoid finger pointing, but I do find the Fasthosts approach a little 'gay cavalier' - we changed our servers, tough... Help please! Attached 'british-trolley is the new server.

Thank you. Peter.

[exponentcms]

Sorry, on the road... Sounds like PHP sessions files aren't being saved on the server due to a php.ini setting or permission? Typically what you describe (unable to log on) occurs when the server is unable to save the session file (E. G., the server /tmp partition is full... Not to be confused with /tmp folder of Exponent)

[exponentcms]

Thanks for your initial response. I have in the meantime escalated the issue to the general manager of Fasthosts. I think it is unreasonable of them to expect you to change your code because one server in the world has a problem. This especially as this is new server technology they have introduced.

I'll keep you updated on what happens there, meanwhile if you get a chance to look at the two PHP profiles you may well spot what the actual problem is. Once I get someone sensible at Fasthosts to talk to me I'll pass on what you've said. Their first liners are typically defending the status quo.

Regards. Peter.

[exponentcms]

Response from Fasthosts to the info I sent them from you, however I don't know what that means as i can't see anywhere in the code that sets a save path:

PHP sessions do work and do store on the Cluster platform.

[Wed Jul 11 08:15:19.663146 2018] [fcgid:warn] [pid 50326] [client 213.171.217.172:59038] mod_fcgid: stderr: PHP Warning: session_start(): open(10.10.111.52:11211,10.10.111.53:11211/sess_2256aee97ccc4a8fa1d3ec4ff849271f, O_RDWR) failed: Input/output error (5) in /home/hp3-linc8-nfs2-z/524/1943524/user/htdocs/framework/core/subsystems/expSession.php on line 132 [Wed Jul 11 08:15:19.672836 2018] [fcgid:warn] [pid 50326] [client 213.171.217.172:59038] mod_fcgid: stderr: PHP Warning: Unknown: open(10.10.111.52:11211,10.10.111.53:11211/sess_2256aee97ccc4a8fa1d3ec4ff849271f, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 [Wed Jul 11 08:15:19.672864 2018] [fcgid:warn] [pid 50326] [client 213.171.217.172:59038] mod_fcgid: stderr: PHP Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (10.10.111.52:11211,10.10.111.53:11211) in Unknown on line 0

According to PHP Info on the site:

session.save_path 10.10.111.52:11211,10.10.111.53:11211 10.10.111.52:11211,10.10.111.53:11211

This is the error that is being returned.

So adding in the correct script to the site

http://british-trolley.org.uk/fh_sessiontest.php

The session is set! The PHPSESSID is: 24648f070b8e3f13b15e535768743b63 set at 15:21:50

Time = 15:29:34 GMT - Refresh

Does allow the session to be saved as it should.

[exponentcms]

Could you post that test script here? It looks like the error in Exponent is at the start_session() call on line #132 of expression.PHP, which from the error output states the server is unable to write session files.

[exponentcms]

<?php // Start session and set variable. session_start(); // Check if the session is set. if(isset($_SESSION['theSESSIONvarName'])) { $sid = session_id(); echo ""; echo ""; echo "

The session is set! The PHPSESSID is: " . $sid . " set at " . $_SESSION['theSESSIONvarTime'] . "

"; echo "

Time = " . date("H:i:s",time()-date("Z")) . " GMT" . " - Refresh

"; echo ""; } else { $_SESSION['theSESSIONvarName'] = "is_set"; $_SESSION['theSESSIONvarTime'] = date("H:i:s",time()-date("Z")); echo ""; echo ""; echo "

The session is NOT set! Setting!

"; echo "

Refresh | Show PHP Info"; echo ""; }

if($showinf == "true") { PHPInfo(); }

?>

[exponentcms]

How does the below work (closer to Exponent code) we set the session_name, session_id, & session_cookie

<?php
if (!defined('SYS_SESSION_COOKIE')) {
    define('SYS_SESSION_COOKIE','PHPSESSID');
}
$sessid = md5(uniqid(mt_rand(), true));
session_name(SYS_SESSION_COOKIE);
session_id($sessid);
$_COOKIE['PHPSESSID'] = $sessid;
session_set_cookie_params(60*60*24*100);
// Start session and set variable. 
session_start();
// Check if the session is set. 
if(isset($_SESSION['theSESSIONvarName']))
{ $sid = session_id(); echo "";
echo "

";
echo "
The session is set! The PHPSESSID is: " . $sid . " set at " . $_SESSION['theSESSIONvarTime'] . "

";
echo "
Time = " . date("H:i:s",time()-date("Z")) . " GMT" . " - Refresh

";
echo "";
} else
{ $_SESSION['theSESSIONvarName'] = "is_set"; $_SESSION['theSESSIONvarTime'] = date("H:i:s",time()-date("Z")); echo "";
echo "";
echo "
The session is NOT set! Setting!

";
echo "
Refresh | Show PHP Info

";
echo "";
}
if($showinf == "true")
{ PHPInfo(); }

?>

[exponentcms]

Hi Dave. Not sure what to do with this other than save as a PHP and run it. Then all I get is a white screen with:

The session is NOT set! Setting! Refresh | Show PHP Info

and no PHP Info. Can't log in after running it either. Do you think you will be able to modify Exponent to get around this issue please?

Regards, Peter.

[exponentcms]

Sorry, I should've stated the above code was simply a revision of the test script and seems to prove your server setup has an issue with saving session files (not tied to Exponent).

• Is is possible the new server is configured to prohibit (writing) cookies which prevents php sessions from fully working?
• my modified test script above is only different in that it sets
  • session name
  • session id
  • session cookie lifetime length

The reason Exponent has always done the above steps is to force php to automatically create a new (session) cookie instead of manually coding it to create a new session cookie. PHP sessions are based on cookies. User logins are based on PHP sessions.

[exponentcms]

Clearly something is different on the new server, but the problem seems to be tying down exactly what / why. Earlier I attached two PHP info files, one from each server, in the hope you could spot what might be causing the issue. The hosting company admits there are differences but they claim, as you can see above, that sessions do work. The test script was them demonstrating that sessions could be set, and suggesting you pick up the 'correct' code to make Exponent work correctly. What they don't mention is session cookies.

I'm afraid I am not a PHP expert, so am not able myself to interpret what I am being told. As I said earlier, I did try to escalate the fact that the new servers do not react the same as the old ones, but that has drawn a blank. I am on a bit of a deadline with this now, so I need to determine if there is a code change you can do to get this to work, or if I need to pursue further with the hosting company. The latter will almost certainly not prove fruitful, the support guys seem to have taken the attitude 'that's the way it is, you go fix the code' - not hugely helpful.

If it helps, you can FTP into the site - ftp.british-trolley.org.uk - user ambr-support pwd aM456sup . This login is being shared with the Amember support people - minor problems with the member system too although nothing to do with logins.

I'll ask the question about cookies, but don't hold your breath!

Peter.

[exponentcms]

It looks like the issue is with php memcached having too small a a size? I've noticed several fixes on 'google' by switching to 'memcache' from 'memcached' or increasing the memcached key/slab size to greater than 1 MB (3 MB or greater). Exponent has a lot of session data.

The simplest fix is to NOT use php memcache nor memcached for saving sessions.

[exponentcms]

The Fasthosts guy has sent me this:

I have also looked at the error logs and see an error with expressions.php line 132, (full path below)

could you check that and ensure it is pointing to the correct location, If you need to get permissions changed I will ask our engineers to see if they can do it if you cant.

Regards

Allan Fasthosts customer support.

htdocs/framework/core/subsystems/expSession.php on line 132

When I look at that file it is empty. Also I'm not too clear what you are telling me - is this something that needs to be changed on the server or is it something you can work around? It's a shared server so I'm pretty well stuck with what they provide.

Thanks.

[exponentcms]

Latest Fasthosts update:

As it is shared hosting unless it is something you can change in the .htaccess file then we will be unable to change the settings.

[exponentcms]

Yes, line # 132 of expSessions.php reveals the php server issue with memcached. I'll try to do some research about some of the memcached and/or php sessions settings we can change on the fly to work around this memcached issue. Several other php applications besides Exponent also have a similar issue.

[exponentcms]

You MIGHT try to reset to a default session handler by creating a new file in the Exponent root folder named 'overrides.php' which contains:

<?php
session_set_save_handler(new SessionHandler(), true);
?>

This SHOULD revert to a 'files' session method and store them in /tmp

[exponentcms]

Thanks. Unfortunately this results in the content of that file appearing first on the browser page, and login does not work.

Fasthosts have once again come back and said they will not change anything on the server. I would be grateful if you could find a work-around please.

Peter.

[exponentcms]

The file contents shouldn't appear on the page. Did you create a new file in the Exponent root folder named 'overrides.php'? Does it contain the code above?

At this point I'm at a loss for why php memcached doesn't work since we are only setting the session name, id, and cookie life. One of those 3 calls sets up session_start() to fail if using php memcachd.

[exponentcms]

Now this is weird. I created the file with your code, saved and uploaded. Now I downloaded the file to find that Dreamweaver had wrapped html around it... So I edited it back to what you sent and uploaded. Now the file contents don't appear, so that explains that phenomenon.

Still can't log in though! :-(

Did you compare the two info files I sent you? Are there any clues in the setup of the new server compared to the old?

[exponentcms]

As mentioned earlier in reference to the 2 php.ini or info files is the new server is set to use 'memcached' for storing it's sessions where the old server is using 'files' to store it's sessions. And based on searching google, this seems to be a problem with many servers where memcached is finicky about being set up to work without issues.

The offending code in Exponent which reveals the server issue is in expSessions.php lines #127 to 132. However I can not find any information about why this should create an issue as we are making standard calls in php.

[exponentcms]

I've had one more go at Fasthosts, their response:

---

The message from Exponent support indicates that they need to use a lot of session data.

However, both of the available solutions mentioned already (larger key/slab size and not using memcache) would require changes to the server settings themselves, which is something that unfortunately cannot be done, as the servers are set up this way to ensure that the sites of customers will not impact each other in terms of performance.

Looking through this issue, the reality is that it seems that our hosting platform simply won't support the site, which means that you will need to look at another hosting solution, whether that be a server, or a different hosting provider all together.

Now I don't know which way to turn. I could go to another supplier, purchase a contract and find the same issue. The one possibility that looked hopeful will only offer PHP 7 and the membership package that runs in parallel with Exponent needs 5.6.

Where do we go from here?

[exponentcms]

Is there any way to use .htaccess to get around this problem?

[exponentcms]

The overrides.php file accomplished the same things we could accomplish within a .htaccess file. Most settings for memcached are set when the process is launched.

[exponentcms]

OK, but can you fix my problem please? Or do I have to find another provider which doesn't use memcached? If you can fix, please let me know how long it might take. If not please say so, I am on a deadline here and every day takes me closer.

Thank you.

[exponentcms]

I'm at a loss as to troubleshoot and fix your server problem. Especially since this host is unwilling to adjust any PHP settings.

[exponentcms]

Just a thought - can you not change to store session info in the database? The other half of this site uses Amember, which does that.

If I can get amember to work at the latest level with my customisation, I will be able to try another provider to see if Exponent will work OK there.

[exponentcms]

There's no reason why any server session storage method shouldn't work with Exponent. Isn't Amember a software application? Or is there a php session storing extension I can locate any info on?

In Exponent we simply ensure/standardize some php session parameters before calling session_start()

• we set the session name to 'PHPSESSID' which is the standard name
• we set the session id to an md5 of a unique id created using mt_rand(), again a standard practice
• we set the session cookie lifetime to 100 days

[exponentcms]

Yes, it's an application. Within the setup there's an option to use either the database or standard PHP sessions, with database as default. I know very little PHP I'm afraid.

I don't know if it helps, but I've attached a couple of files from amember.

[exponentcms]

Sorry, that application still uses PHP sessions to determine who the user is (note the session_start call and references to $_SESSION)...the storage selection is where the mass of user data is stored?...which like Exponent stores user data in a database, but still uses a php session to determine match the user with the last page load.

PHP Sessions is how the PHP/Apache server can (securely) determine the user between each loading of a page in a multi-user environment (like the web where an untold number of people can be accessing the site simultaneously). We also store some additional session data such as key variables, the list of active pages, database table list, and list of objects (containers) on the page...mostly for speed.

[exponentcms]

OK, it was worth asking... If I can get the amember stuff working (need to run a major upgrade and put customisation back) I will be able to create an account on another provider and see if it works there. Will be a few days...

Thanks for your help so far, pity we couldn't get around this.

[exponentcms]

Well, at long last I have a working site! It is now hosted at UK2, not yet live for users but fully accessible under the test domain name. I did have a few migration issues but we are there now. Peter.

[exponentcms]

Lighthouse URL: https://exponentcms.lighthouseapp.com/projects/61783/tickets/1434