Extra output Sent by during Script execution which leads to Cookie headers not being send

[Dmitry A.]

Hello guys,

Starting In-Portal 5.0.1 (possibly even 5.0) we have came across the
situation when Cookie hasn't been set due to issue with script sending
extra output (wasn't buffered by PHP) during it's runtime. This lead
to the issue with properly setting the Cookie when required. In
particular this happens on the Front end when you are trying to add a
product to your cart and new session is created, but can affect other
places as well.

The above issue is ONLY in affect when PHP configuration setting
"output_buffering" has NO value. By default it's set to 4096 (4K), but
sometime changed to No Value.

Here is a link to PHP manual with more description on Output Control
system in PHP http://www.php.net/manual/en/intro.outcontrol.php

While it was done before - the task is:

1. check and find all places where extra (early) output is sent.
2. Do check before installation on "output_buffering" setting which is
preferable to have some value.

Please feel free to add here.

DA.

[Alexander Obuhovich]

Related issue is with "Remember Me" checkbox being used. Initially we don't create session on front-end, when it's no needed. When user logges in with "Remember Me" checkbox checked, then later, when user session will expire, then it will be recreated using "remeber_login" cookie set first time.

Because of session is created after output is made (see kApplication::Done method), then SID will never be placed in cookie. Only works, when debug mode is on.

Ideas how to fix that:

I don't see any reason, why session is saved before page output is sent to browser, because session saving doesn't take too much time anyway (especially, when no session data was changed). Agents are run just before session data is saved there and that's wrong, because agent is session-independent event in all cases and we should save session before that.

Need to check all agents, to confirm that.

--
You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.

--
Best Regards,

http://www.in-portal.com
http://www.alex-time.com

[Dmitry A.]

Hi Sasha,

Would you please check all agents and confirm that described case is
true?

DA.

> > system in PHPhttp://www.php.net/manual/en/intro.outcontrol.php

>
> > While it was done before - the task is:
>
> > 1. check and find all places where extra (early) output is sent.
> > 2. Do check before installation on "output_buffering" setting which is
> > preferable to have some value.
>
> > Please feel free to add here.
>
> > DA.
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "In-Portal Bugs Team" group.
> > To post to this group, send email to in-port...@googlegroups.com.
> > To unsubscribe from this group, send email to

> > in-portal-bug...@googlegroups.com<in-portal-bugs%2Bunsubscribe@go oglegroups.com>

[Alexander Obuhovich]

Here is task for that: http://tracker.in-portal.org/view.php?id=604 . We'll do all confirming stuff, while implementing bugfix.

To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.

[Alexander Obuhovich]

Patch from http://tracker.in-portal.org/view.php?id=529 somehow fixes that.

[Dmitry Andrejev]

Yes, this is true - patch fixes this issue, but we still need to review and do this task:

http://tracker.in-portal.org/view.php?id=604

DA.

[Dmitry A.]

Hi guys,

Looks like we have come across this issues again - Can't login into Admin since COOKIES are not set. Now it's one of the user servers (Apache) and PHP as GCI with output_buffering (no value).

I guess the question is how do get around this since it's becoming an issue now.

Below is part ofg DBG output from the Admin Login page (DBG_REDIRECT was enabled to see this)

=============

Function: kApplication->Redirect in event_manager.php on line 456

Array
(
    [0] = index
    [1] = Array
        (
            [opener] = s
            [pass] = all
            [m_lang] = 1
        )
    [2] = NULL
    [3] = NULL
)
 

Function: kEventManager->ProcessRequest in application.php on line 1000

Array
(
)
 

Function: kApplication->ProcessRequest in application.php on line 1052

Array
(
)
 

Function: kApplication->Run in index.php on line 23

Array
(
)
 

Warning: Cannot modify header information - headers already sent by (output started at /home/region/public_html/dev/core/kernel/application.php:2194) in w:\core\kernel\session\session.php on line 799

Warning: Cannot modify header information - headers already sent by (output started at /home/region/public_html/dev/core/kernel/application.php:2194) in w:\core\kernel\session\session.php on line 803

Warning: Cannot modify header information - headers already sent by (output started at /home/region/public_html/dev/core/kernel/application.php:2194) in w:\core\kernel\session\session.php on line 799

Warning: Cannot modify header information - headers already sent by (output started at /home/region/public_html/dev/core/kernel/application.php:2194) in w:\core\kernel\session\session.php on line 803

Name:
    INSERT INTO `inp_UserSession` (`PortalUserId`,`Language`,`Theme`,`IpAddress`,`GroupId`,`GroupList`,`SessionKey`,`LastAccessed`,`BrowserSignature`)
    VALUES ('-1','1','999','99.14.230.174','14','14','933724498','1297301698','3ae32ce7f50b21d0b1ce6e97bed0b689')




=============








DA

  

[Alexander Obuhovich]

What is on that /core/kernel/application.php:2194 line of you file? I have "return true" in mine :)

I suppose that lines in "/core/kernel/session/session.php" call "setcookie", am I correct?







DA

  

--

You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.

To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.

For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.

[Dmitry A.]

Hi Alex,

1. I have "ob_end_flush();" on line 2194 it's in Application::Redirect method.

2. I suppose that lines in "/core/kernel/session/session.php" call "setcookie", am I correct? YES

Any ideas?

DA

[Alexander Obuhovich]

So, what does ob_end_flush() send to output?

If you replace this with:

$out = ob_get_clean();, then what will be in $out variable?

DA

--

You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.

[Dmitry A.]

We'll, I have setup an Email to be send from that place with Template and Time stamp in Subject and content of $OUT in the Body.

Guess what - NO content (completely empty) which makes me to believe that even the attempt to send nothing and PHP buffer is set to No Value we are getting this issue with Setting Cookie.

What if we move that ob_end_flush(); right before EXIT statement on that Redirect method (after Cookie is set)? Any particular reason we need it before?

DA 

[Alexander Obuhovich]

You should write to file instead, since email event maybe does trim on contents being sent.

ob_end_flush() should display whatever output being generated using "echo ..." statements around the code. 

Session is not always being set just after that output, but it happens.

We can do ob_end_flush() after cookie is set actually.

DA 

--

You received this message because you are subscribed to the Google Groups "In-Portal Bugs Team" group.
To post to this group, send email to in-port...@googlegroups.com.
To unsubscribe from this group, send email to in-portal-bug...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/in-portal-bugs?hl=en.

[Alexander Obuhovich]

Here is the patch.

Needs testing.

[Dmitry A.]

Thanks for patch - tested well and can be committed to 5.1.2-Beta2

DA