romano80
commented
6 years ago I have the same problem the user is authenticated but doesn't have permission and session table no have records
Closed daviddpd closed 4 years ago
romano80
commented
6 years ago I have the same problem the user is authenticated but doesn't have permission and session table no have records
mattpascoe
commented
6 years ago I've not yet tested ONA on anything higher than PHP 7.0.28... Looks like I need to update a few things.
I'll have a look into this. Thanks for the heads up
daviddpd
commented
6 years ago Just for reference ... because I reverted back to head to test another change/patch and had to dig for this - this is what is needed to disable database sessions and fix the so for single code issue php 7.2.
Of course, ensure your web server and php config (php.ini) are setup correctly for file-base sessions.
diff --git a/www/config/config.inc.php b/www/config/config.inc.php
index 47be897..63750f6 100644
--- a/www/config/config.inc.php
+++ b/www/config/config.inc.php
@@ -217,7 +217,7 @@ foreach ($records as $record) {
}
// Include functions that replace the default session handler with one that uses MySQL as a backend
-require_once($conf['inc_db_sessions']);
+// require_once($conf['inc_db_sessions']);
// Include the GUI functions
require_once($conf['inc_functions_gui']);
diff --git a/www/include/functions_gui.inc.php b/www/include/functions_gui.inc.php
index cd4f416..4c5cd63 100644
--- a/www/include/functions_gui.inc.php
+++ b/www/include/functions_gui.inc.php
@@ -141,7 +141,7 @@ function workspace_plugin_loader($modulename, $record=array(), $extravars=array(
global $conf, $self, $base, $images, $color, $style, $onadb;
$modhtml = '';
$modjs = '';
- $modwsmenu = '';
+ $modwsmenu = array();
$modbodyhtml = '';
$ws_plugin_dir = "{$base}/workspace_plugins";
framer99
commented
5 years ago I've got this figured out, the custom handler sess_read() returns "false" if the session did not exist (first page load). In PHP<7.1 session_start() will still initialize the $_SESSION var when sess_read() returns false, but 7.1 no longer does. See the changelog here: http://php.net/manual/en/function.session-start.php
Explained here also: http://php.net/manual/en/function.session-start.php#120589
The fix is to just return an empty string ' ' instead of false.
My debugging to ona.log showed that open(),read(), and close were called, but never write() as others pointed out. Since PHP never initialized $_SESSION, it makes sense it would never write it, but it seems like the ona code would have populated some part of $_SESSION and it would then exist to be written at close. Although, I never looked and maybe in the ona code it's usage is all conditional on whether $_SESSION already exists?
Or possibly more likely, PHP just ignores $_SESSION for the life of the script since it did not initialize it. So, $_SESSION just works as any other use declared variable and does not get passed to sess_write() ( sess_write() never even gets called)
I'm working on a pull request hopefully today.
I cannot get adodb_sessions to work with php 7.2. File based sessions do work ( of course with #129 ).
I've tried various debugging statements and such, and to the best I can find sess_write() is never getting called, so the sessions never gets inserted into the database. Reverting to PHP 5.6 and sessions then start working.