Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in symfony1\lib\user\sfBasicSecurityUser.class.php on line 257 #183

Closed
sdkcarlos opened this issue Feb 10, 2018 · 4 comments · Fixed by #229
Closed

Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in symfony1\lib\user\sfBasicSecurityUser.class.php on line 257 #183

sdkcarlos opened this issue Feb 10, 2018 · 4 comments · Fixed by #229

Comments

@sdkcarlos
Copy link

I've upgraded Symfony 1 to this version, however i'm getting this exception in PHP 7.2:

Warning: ini_set(): A session is active. You cannot change the session module's ini settings at this time in project\vendor\lexpress\symfony1\lib\user\sfBasicSecurityUser.class.php on line 257

I am not sure if this bug is related to the fixes to make Sf compatible with PHP 7 or is an error of the library.
@e1himself
Copy link
Contributor

e1himself commented Feb 13, 2018
edited
Loading

It seems like a bug, visible only with specific conditions.

https://github.com/LExpress/symfony1/blob/master/lib/user/sfBasicSecurityUser.class.php#L255-L258

    if (ini_get('session.gc_maxlifetime') < $this->options['timeout'])
    {
      ini_set('session.gc_maxlifetime', $this->options['timeout']);
    }

@gileri
Copy link

gileri commented Aug 10, 2018

Raising session.gc_maxlifetime is indeed the solution, but I don't think it is doable in sfBasicSecurityUser.

It must be done before session_start(), and sfSessionStorage doesn't seem coupled with sfBasicSecurityUser so it can't raise session.gc_maxlifetime in respect of what sfBasicSecurityUser it may store before calling session_start().

I think the only way to solve this is to make https://github.com/LExpress/symfony1/blob/master/lib/user/sfBasicSecurityUser.class.php#L255-L258 into a warning/error instead of trying to raise session.gc_maxlifetime.

@pbowyer
Copy link
Contributor

pbowyer commented Dec 6, 2018

With PHP 7.2 (but not listed in the PHP changelog) ini modifications were made to fail - see https://gist.github.com/tpunt/d9fd57c87c37a06a1057e970a90cd8df.

My fix is:

    if (session_status() !== PHP_SESSION_ACTIVE && ini_get('session.gc_maxlifetime') < $this->options['timeout'])
    {
      ini_set('session.gc_maxlifetime', $this->options['timeout']);
    }

pbowyer added a commit to pbowyer/symfony1 that referenced this issue Dec 6, 2018
@pbowyer
Prevent "Warning: ini_set(): A session is active. You cannot change t…
f4aa50f 
…he session module's ini settings at this time in sfBasicSecurityUser.class.php on line 257"

PHP 7.2 changed the `ini_set` behaviour for session keys (see FriendsOfSymfony1/symfony1#183 for a discussion). This patch prevents the warning.
@pbowyer pbowyer mentioned this issue Dec 6, 2018
Merged
@spirit-q2 spirit-q2 mentioned this issue May 6, 2020
Merged
@spirit-q2
Copy link

Guys, check PR above ☝️

@j0k3r j0k3r closed this as completed Jun 8, 2020
@j0k3r j0k3r linked a pull request Jun 8, 2020 that will close this issue
Fix for Warning: ini_set(): A session is active... #229
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix for Warning: ini_set(): A session is active... spirit-q2/symfony1
6 participants
@j0k3r @pbowyer @e1himself @gileri @sdkcarlos @spirit-q2