Bug on base.php session_start() on PHP 7.1

[DevMan12]

Hi all,

I got this bug when upgrading my PHP to 7.1. apparently it was a session error:

string(21) "Internal Server Error"

string(59) "session_start(): Failed to read session data: user (path: )"

string(217) "[lib/base.php:2152] Base->error()
[lib/base.php:452] session_start()string(21) "Internal Server Error"

string(59) "session_start(): Failed to read session data: user (path: )"

string(217) "[lib/base.php:2152] Base->error()
[lib/base.php:273] session_start()

hopefully the framework can be updated on this error immediately.

[ikkez]

check your session.save_path in in php.ini and phpinfo() and see if that directory is existing and writeable

[ikkez]

in case you are using a database or cache based session handler (that wasn't clear in your message), the fix for that was add to the core recently https://github.com/bcosca/fatfree-core/commit/4f50cd0aa0c8de46968258f90d4d280c355c7029

[DevMan12]

Once again, thanks, yes its the DB session, this fixed it.

[indyo]

If you prefer not to alter the core code, a dirty hack that seems to work is to write something to the session before instantiating the Session object.

$f3->set('SESSION.foo','bar');

new Session;

[solo]

As somebody new and trying to learn, can you tell me what I'd use for composer to use that package instead?  I'm using the main fatfree branch, not fatfree-core, so I do not have this fix included, but I'd like to while I'm developing.  My current composer file is:

{
    "require": {
        "bcosca/fatfree": "dev-master"
    }
}

And I sohuld add, this is my error on windows (the path is writable by all users):

session_start(): Failed to read session data: user (path: C:\PHP71\session)
[C:/inetpub/wwwroot/vendor/bcosca/fatfree/lib/base.php:2152] Base->error()
[C:/inetpub/wwwroot/vendor/bcosca/fatfree/lib/base.php:273] session_start()
[C:/inetpub/wwwroot/vendor/bcosca/fatfree/lib/base.php:414] Base->ref()
[C:/inetpub/wwwroot/app/controllers/Controller.php:28] Base->get()
[C:/inetpub/wwwroot/vendor/bcosca/fatfree/lib/base.php:1773] Controller->beforeroute()
[C:/inetpub/wwwroot/vendor/bcosca/fatfree/lib/base.php:1599] Base->call()
[C:/inetpub/wwwroot/index.php:29] Base->run()

[bcosca]

It would help if you showed us what Controller.php looks like.

[solo]

Absolutely, first this is in my controller.php

function beforeroute(){
// Check for logged-in user
if($this->f3->get('SESSION.email') === null ) {
            $this->f3->reroute('/login');
            exit;
        }
}

This is in my UserController.php

    function authenticate() {
// Get POST data
        $email = $this->f3->get('POST.email');
        $password = $this->f3->get('POST.password');
// Load the user from the DB via their Email
        $user = new User($this->db);
        $user->getByemail($email);

// Check if any records were found, if not redirect.
        if($user->dry()) {
            $this->f3->reroute('/login');
        }
// At this point the user was found, check password and proceed.
        if(password_verify($password, $user->password)) {
            $this->f3->set('SESSION.email', $user->email);
            $this->f3->reroute('/');
        } else {
            $this->f3->reroute('/login');
        }
    }

And this is in my index.php (although, if I remove this line, the sessions work and the session file lands where php.ini says it should.  I have not been able to get it into /tmp/cfg at all, due to the error noted above when I call New Session();  )

// Start Session
new Session();
// Run it!
$f3->run();

I'm also curious if I should be calling session_regenerate_id() at all to prevent fixation, as a best practice after login?

[ikkez]

just switch over to bcosca/fatfree-core:dev-master and it should be fine

[solo]

Is that identical, except that it's the ongoing dev releases?