search

mezzio / mezzio-session-ext

ext-session persistence adapter for mezzio-session
https://docs.mezzio.dev/mezzio-session-ext/
BSD 3-Clause "New" or "Revised" License
7 stars 14 forks source link

Cannot change session id when session is active warning - after upgrade from PHP 7.2 to 7.4 #26

Open jorgeribeiro opened 3 years ago

jorgeribeiro commented 3 years ago

BC Break Report

Q A
Version 1.7.2 and 1.9.0

Summary

After upgrading my project from PHP 7.2 to 7.4 all requests done in my application return this warning. The warning is triggered in the file PhpSessionPersistence.php, on the first line of the method startSession, when session_id($id) is called. I tried to upgrade the package to the version 1.9.0, but the error persists. There is a similar bug reported regarding the session_name function and apparently it was introduced in PHP 7.2, but I never had any issues before the upgrade to PHP 7.4. I've done a lot of research about this issue but I couldn't find a proper solution, that's why I decided to open this issue. I found very odd that no one else reported it, so I decided to give it a shot.

I found two ways to bypass this problem:

private function startSession(string $id, array $options = []) : void
{
    @session_id($id); // Ignore the warning
    session_start([
        'use_cookies'      => false,
        'use_only_cookies' => true,
        'cache_limiter'    => '',
    ] + $options);
}

== OR ==

private function startSession(string $id, array $options = []) : void
{
    if (!session_id()) { // Check if session is already set beforehand
        session_id($id);
    }
    session_start([
        'use_cookies'      => false,
        'use_only_cookies' => true,
        'cache_limiter'    => '',
    ] + $options);
}

I ran the tests using the versions 1.7.4 and 1.9.0 with PHP 7.4 and they were successful.

zoeurk commented 1 year ago

it's seems that :

if(session_id() == "")

is better than:

if(!session_id())

source: PHP session_id Manual