Open module0x90 opened 7 years ago
The best I came up with yet was this:
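    \Registry::set('session', $sess=new \DB\SQL\Session(
        $f3->get('DB'),
        'session',
        false,
        // onsuspect handler, invoked while session_start() is still running
        function($session,$id) {
            // remove the stored session row and close the handler
            $session->destroy($id);
            $session->close();
            $fw=\Base::instance();
            // drop the session cookie, then abort the request with an error
            $fw->clear('COOKIE.'.session_name());
            $fw->error('403');
        }
    ));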
Though this will destroy the session, it is actually not finally closed yet within the ONSUSPECT handler, as this is called while session_start is called and we cannot call session_destroy before session_start has finished. This means that rerouting from that point is difficult, because the framework's unload handler will check for active sessions and commits the session we're just about to close at this point. That's the point where the recursion happens. The only way to get around this (even in PHP 7.3+) is to throw an error, as the onload handler will skip saving the session in that case. Ideas welcome.
I had the same issue. I did it with this compromise.
You can print HTML with JavaScript to do a redirect on the frontend.
    new DB\SQL\Session(
        $fw->DB,
        'sessions',
        TRUE,
        function($session, $id) {
            // remove the stored session row and close the handler
            $session->destroy($id);
            $session->close();
            // redirect in the browser instead of rerouting server-side
            echo 'Session expired. If not redirected <a href="/login">click to login</a>';
            echo '<script>window.location.replace("http://example.com/login");</script>';
            die();
        }
    );
Hi,
my webapp is using DB sessions and I was recently playing with onsuspect() handler. My code is:
My webapp requires the user to login and the logged in user is stored in SESSION.user. After I have logged in, I get the session_id and change the stored IP in the session table. Then I click on some other action (while still logged in) in my web app and it crashes with
I am on PHP 7.1.5. This seems to be hitting bug #73461 (https://bugs.php.net/bug.php?id=73461) and a patch would be https://github.com/php/php-src/pull/2196. In my case - though untested - I could get away with unsetting SESSION.user instead of destroying the session.
Stacktrace:
There was also a discussion on https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!topic/f3-framework/P-1q-9H9fWw with ved. This bug/feature in PHP 7.1.X is hitting F3 in different ways.
Cheers
Thomas