Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in symfony1\lib\user\sfBasicSecurityUser.class.php on line 257

[sdkcarlos]

I've upgraded Symfony 1 to this version, however i'm getting this exception in PHP 7.2:

Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in project\vendor\lexpress\symfony1\lib\user\sfBasicSecurityUser.class.php on line 257

I am not sure if this bug is related to the fixes to make Sf compatible with PHP 7 or is an error of the library.

[e1himself]

It seems like a bug, visible only with specific conditions.

https://github.com/LExpress/symfony1/blob/master/lib/user/sfBasicSecurityUser.class.php#L255-L258

    if (ini_get('session.gc_maxlifetime') < $this->options['timeout'])
    {
      ini_set('session.gc_maxlifetime', $this->options['timeout']);
    }

• Try either lowering user session timeout in your project factories.yml (see example here: https://github.com/LExpress/symfony1/blob/master/lib/config/config/factories.yml#L32)

• or raising session.gc_maxlifetime in your php.ini

• or submit a Pull Request to fix it properly :)

[gileri]

Raising session.gc_maxlifetime is indeed the solution, but I don't think it is doable in sfBasicSecurityUser.

It must be done before session_start(), and sfSessionStorage doesn't seem coupled with sfBasicSecurityUser so it can't raise session.gc_maxlifetime in respect of what sfBasicSecurityUser it may store before calling session_start().

I think the only way to solve this is to make https://github.com/LExpress/symfony1/blob/master/lib/user/sfBasicSecurityUser.class.php#L255-L258 into a warning/error instead of trying to raise session.gc_maxlifetime.

[pbowyer]

With PHP 7.2 (but not listed in the PHP changelog) ini modifications were made to fail - see https://gist.github.com/tpunt/d9fd57c87c37a06a1057e970a90cd8df.

My fix is:

    if (session_status() !== PHP_SESSION_ACTIVE && ini_get('session.gc_maxlifetime') < $this->options['timeout'])
    {
      ini_set('session.gc_maxlifetime', $this->options['timeout']);
    }

[spirit-q2]

Guys, check PR above ☝️