0

I am trying to deploy a legacy Symfony 1.4 (actually Symfon 1.5 via FriendsOfSymfony1 [1]) project in a Vagrant Box with Ubuntu 18.x. My PHP version is 7.2.x (see [2]) Everything works fine, the site loads, but I get this error (and cannot complete the login to the legacy site):

[Fri Feb 07 14:51:53.880189 2020] [php7:warn] [pid 2831] [client 10.0.2.2:63895] PHP Warning: session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/vagrant/swdev/lib/vendor/lexpress/symfony1/lib/storage/sfSessionStorage.class.php on line 95, referer: http://127.0.0.1:8080/frontend_dev.php/registration/

[Fri Feb 07 14:51:53.880478 2020] [php7:warn] [pid 2831] [client 10.0.2.2:63895] PHP Warning: session_start(): Failed to read session data: files (path: /var/lib/php/sessions) in /home/vagrant/swdev/lib/vendor/lexpress/symfony1/lib/storage/sfSessionStorage.class.php on line 95, referer: http://127.0.0.1:8080/frontend_dev.php/registration/

There is already a discussion here: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' But it does not solve my problem.

The relevant code snippet (line 95) is here:

https://github.com/FriendsOfSymfony1/symfony1/blob/d9e3f17e246ed90590c4e5175f1cec39f4a68254/lib/storage/sfSessionStorage.class.php#L95

The code that sets the session_id is in the same file, line 52 onward:

  public function initialize($options = null)
  {
    $cookieDefaults = session_get_cookie_params();

    $options = array_merge(array(
      'session_name'            => 'symfony',
      'session_id'              => null,      // <=============== HERE
      'auto_start'              => true,
      'session_cookie_lifetime' => $cookieDefaults['lifetime'],
      'session_cookie_path'     => $cookieDefaults['path'],
      'session_cookie_domain'   => $cookieDefaults['domain'],
      'session_cookie_secure'   => $cookieDefaults['secure'],
      'session_cookie_httponly' => isset($cookieDefaults['httponly']) ? $cookieDefaults['httponly'] : false,
      'session_cache_limiter'   => null,
    ), $options);

    // initialize parent
    parent::initialize($options);

This link mentions that it's a PHP 7.1 issue (I have PHP 7.2!?), and that you cannot use null as session_id (like the code above does). So I changed

'session_id' => null,

to

'session_id' => '',

then I cleared cached via ./symfony cc, then restarted apache, but still: I get the PHP warning re session id.

Memcached related?

Maybe related: reviewing the legacy code, I realize that the session storage is defined in my factories.yml file like so:

(snip)

  storage:
    class: sfCacheSessionStorage
    param:
      session_name: prx
      cache: 
        class: sfMemcacheCache #[required] define the cache strategy
        param:
          servers: # Array of servers
            localserver:
              host: localhost # hostname or IP of mamcache server
              port: 11211 # default memcache port

(snip)

Memcached is already installed and running:

vagrant@ubuntu-bionic:~/swdev$ ps aux | grep -i memc
memcache  1002  0.0  0.3 424764  3036 ?        Ssl  13:50   0:01 /usr/bin/memcached -m 64 -p 11211 -u memcache -l 127.0.0.1 -P /var/run/memcached/memcached.pid
vagrant   3289  0.0  0.1  13136  1108 pts/0    S+   15:42   0:00 grep --color=auto -i memc

Footnotes

[1] Instead of Symfony 1.4 I am using an update from FriendsOfSymfony1

https://github.com/FriendsOfSymfony1/symfony1

[2] PHP Version

PHP 7.2.24-0ubuntu0.18.04.2

Ugur
  • 1,914
  • 2
  • 25
  • 46

2 Answers2

0

The problem with not FOS code, but rather with your code that calls it. You can see it merges the FOS array with your $options array. Please check the stacktrace for call of this method, and see where the $options argument comes from. Solving it there will solve the issue with too long ID.

EDIT: I did some checks using PHP 7.2 you're using and my guess there should be some PR done to the code there and change the code to :

$options = array_merge([
    'name'            => 'symfony',
    /**
     * Cannot be set becasue is not an session option
     * @see: https://www.php.net/manual/en/session.configuration.php
     */
    //'session_id'              => null,
    /**
     * Cannot be set becasue of PERDIR
     * @see: https://www.php.net/manual/en/configuration.changes.modes.php
     */
    //'auto_start'              => '0',
    'cookie_lifetime' => $cookieDefaults['lifetime'],
    'cookie_path'     => $cookieDefaults['path'],
    'cookie_domain'   => $cookieDefaults['domain'],
    'cookie_secure'   => $cookieDefaults['secure'],
    'cookie_httponly' => isset($cookieDefaults['httponly']) ? $cookieDefaults['httponly'] : false,
    /**
     * Only allows specified string values, defaults to nocache, not null
     */
    'cache_limiter'   => 'nocache',
], $options);
Jan Myszkier
  • 2,714
  • 1
  • 16
  • 23
  • Ok, I realized that prior to the merge the `session_id` is `null`. So I checked after the merge if it is `null`, and if so: I set it to an empty string. But still I get the PHP warning. – Ugur Feb 07 '20 at 15:34
  • Apparently the warning exludes a space from legal characters. So I used a dash as default value. No success – Ugur Feb 07 '20 at 15:39
  • https://github.com/FriendsOfSymfony1/symfony1/blob/d9e3f17e246ed90590c4e5175f1cec39f4a68254/lib/storage/sfSessionStorage.class.php#L95 can you please share var_dump of `$this->options` right above this line via pastebin? – Jan Myszkier Feb 07 '20 at 15:40
  • I reverted my changes (setting `session_id` to empty string) and created the vardump: https://pastebin.com/LsgwSRYP – Ugur Feb 07 '20 at 15:48
  • I have edited my first comment, please give it a go and let me know what you get there. – Jan Myszkier Feb 07 '20 at 17:45
  • Ok, your latest answer seems to remove the error messages I reported. But l still cannot accomplish the login to the legacy site. Checking the logfiles I see [this](https://pastebin.com/rRmCenRL). It says `ession_regenerate_id(): Cannot regenerate session id - session is not active `. // I realized that since you comment out ` //'auto_start' => '0',` we never reach the part with `session_start();` in line 95. Why? Because we don't pass the test: `if ($this->options['auto_start'] && !self::$sessionStarted)` since `options['auto_start'] ` is disabled. So how to start session then? – Ugur Feb 07 '20 at 17:52
  • 1
    yes, this error makes sense, since the array merge only used NULL session_id value if it wasn't there already. which means, session was not started earlier, and auto_start would not help at this point anyway. My guess your CORE problem is vagrant here as I see it might not have access to the path configured in your image, see this page that describes the problem: https://stackoverflow.com/questions/37707905/php7-symfony-3-1-0-vagrant-failed-to-write-session-data – Jan Myszkier Feb 07 '20 at 18:30
0

Deleting browser cookies (hint from [1]) seemed to resolve the problem. But now I have another error[2]. But that's for another question on SO.

[1] See https://stackoverflow.com/a/28024487/5115219

[2] Next error

[Fri Feb 07 18:22:01.701138 2020] [php7:warn] [pid 3200] [client 10.0.2.2:59612] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /home/vagrant/swdev/lib/vendor/lexpress/symfony1/lib/user/sfBasicSecurityUser.class.php on line 257

And then trying to log in to my legacy app, I get this error log:

[Fri Feb 07 18:22:10.272147 2020] [php7:warn] [pid 3610] [client 10.0.2.2:59628] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /home/vagrant/swdev/lib/vendor/lexpress/symfony1/lib/user/sfBasicSecurityUser.class.php on line 257, referer: http://127.0.0.1:8080/frontend_dev.php/registration/

[Fri Feb 07 18:22:10.360800 2020] [php7:warn] [pid 3610] [client 10.0.2.2:59628] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /home/vagrant/swdev/lib/vendor/lexpress/symfony1/lib/user/sfBasicSecurityUser.class.php on line 257, referer: http://127.0.0.1:8080/frontend_dev.php/registration/

[Fri Feb 07 18:22:10.826885 2020] [php7:warn] [pid 3521] [client 10.0.2.2:59629] PHP Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in /home/vagrant/swdev/lib/vendor/lexpress/symfony1/lib/user/sfBasicSecurityUser.class.php on line 257, referer: http://127.0.0.1:8080/frontend_dev.php/registration/

[Fri Feb 07 18:22:11.717016 2020] [php7:notice] [pid 3521] [client 10.0.2.2:59629] Result Cache driver not initialized., referer: http://127.0.0.1:8080/frontend_dev.php/registration/

Community
  • 1
  • 1
Ugur
  • 1,914
  • 2
  • 25
  • 46