Page 1 of 3 123 LastLast
Results 1 to 10 of 23
  1. #1
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default [Done 156A]PHP Warning: session_id(): Cannot change session id when session is active

    New xampp install to php7.3 first time install of ZC156 with php7.3

    Server OS: Linux 4.4.0-140-generic
    HTTP Server: Apache/2.4.37 (Unix) OpenSSL/1.0.2q PHP/7.3.0 mod_perl/2.0.8-dev Perl/v5.16.3
    PHP Version: 7.3.0 (Zend: 3.3.0-dev)
    Database Engine: MySQL 5.5.5-10.1.37-MariaDB

    Zen Cart 1.5.6
    Database Patch Level: 1.5.6
    v1.5.6 [2018-12-17 07:04:49] (New Installation-v156)

    Each time during admin login I get this error log created..

    Code:
    [17-Dec-2018 19:08:38 Europe/Berlin] Request URI: /public_html/zencart156/ADMIN/login.php?camefrom=index.php, IP address: 127.0.0.1
    #1  session_id() called at [/public_html/zencart156/includes/functions/sessions.php:178]
    #2  zen_session_recreate() called at [/public_html/zencart156/ADMIN/includes/functions/admin_access.php:421]
    #3  zen_validate_user_login() called at [/public_html/zencart156/ADMIN/login.php:35]
    [17-Dec-2018 19:08:38 Europe/Berlin] PHP Warning:  session_id(): Cannot change session id when session is active in /public_html/zencart156/includes/functions/sessions.php on line 178
    
    [17-Dec-2018 19:08:38 Europe/Berlin] Request URI: /public_html/zencart156/ADMIN/login.php?camefrom=index.php, IP address: 127.0.0.1
    #1  session_id() called at [/public_html/zencart156/includes/functions/sessions.php:179]
    #2  zen_session_recreate() called at [/public_html/zencart156/ADMIN/includes/functions/admin_access.php:421]
    #3  zen_validate_user_login() called at [/public_html/zencart156/ADMIN/login.php:35]
    [17-Dec-2018 19:08:38 Europe/Berlin] PHP Warning:  session_id(): Cannot change session id when session is active in /public_html/zencart156/includes/functions/sessions.php on line 179
    Cart side works fine, no products loaded in database yet...

    commenting out lines 178, 179 in includes/functions/sessions.php stops the log file creation!!!! Unsure of affects down-line still testing!
    Dave
    Always forward thinking... Lost my mind!

  2. #2
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    The logs are not created under PHP7.2, just 7.3 with Recreate Session true in admin session settings. With recreate off or false, no logs. commenting out lines 178 and 179 also no logs.. there was some bug fixes in php7.3 on session_id() and sessions in general for Session Data Injection Vulnerability, Bug #72681 But I've not had time to really dig into the changes.... something to look into later..

    I'm not sure why lines 178, 179 are there for yet... but.. In tracking session ID, it is getting recreated after login so I don't see any issue with the code, thinking more a change in php session_id()..

    The kicker is, it's just warnings, not taking the site down so maybe something to look at is the use of session_id() with PHP7.3 when time permits..
    Dave
    Always forward thinking... Lost my mind!

  3. #3
    Join Date
    Jan 2004
    Posts
    66,385
    Blog Entries
    7
    Plugin Contributions
    81

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    Quote Originally Posted by davewest View Post
    commenting out lines 178, 179 in includes/functions/sessions.php stops the log file creation!!!!
    At first glance I don't think we want to remove both of those lines.

    Things to test:
    Do customers and administrators lose any data between http vs https when logging in between http/https? Are cart contents lost when shopping?
    If the site is configured with HTTP_SERVER and HTTPS_SERVER both being identical, does session data (cart contents is a good example) remain before/after login?
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  4. #4
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    Quote Originally Posted by DrByte View Post
    At first glance I don't think we want to remove both of those lines.

    Things to test:
    Do customers and administrators lose any data between http vs https when logging in between http/https? Are cart contents lost when shopping?
    If the site is configured with HTTP_SERVER and HTTPS_SERVER both being identical, does session data (cart contents is a good example) remain before/after login?
    Test site is full https and warnings are logging on both customer and admin login with session recreate set to true..

    if I'm understanding this right.. session_id() is used to get or set the session id for the current session.
    Code:
            $saveSession = $_SESSION;     //saving session data
            $oldSessID   = session_id();  //get old session ID        
            session_regenerate_id();      //regenerating new session ID        
            $newSessID = session_id();    //get new session ID
            session_id($oldSessID);    //??setting session ID to old one???
            session_id($newSessID);    //??setting session ID to new one??
            $_SESSION = $saveSession;    //restoring session data
    Then setting the session id two more times would flag warnings for each which is what the log file is telling me.. From what I've read so far, this was silently failing in past versions of php and changed with 7.3..

    Commenting out the two lines is working so far, but agree more testing is needed.... well change the site to http/https and see what happens.
    Dave
    Always forward thinking... Lost my mind!

  5. #5
    Join Date
    Jan 2004
    Posts
    66,385
    Blog Entries
    7
    Plugin Contributions
    81

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    After some testing, for now I think the most compatible fix is indeed changing the 2 lines that davewest originally proposed above.

    Here it is on github: https://github.com/zencart/zencart/c...b8508e6fcf3d6c
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  6. #6
    Join Date
    Sep 2006
    Posts
    163
    Plugin Contributions
    1

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    Quote Originally Posted by DrByte View Post
    After some testing, for now I think the most compatible fix is indeed changing the 2 lines that davewest originally proposed above.

    Here it is on github: https://github.com/zencart/zencart/c...b8508e6fcf3d6c
    Unfortunately, that fix seems to be included in the 1.5.6c code, but I'm still getting this warning on php7.3
    --> PHP Warning: session_id(): Cannot change session id when session is active in /srv/domain.co.uk/public/htdocs/includes/modules/pages/payer_auth_verifier/header_php.php on line 55.

  7. #7
    Join Date
    Sep 2006
    Posts
    163
    Plugin Contributions
    1

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    Am I the only person with this problem?

  8. #8
    Join Date
    Feb 2006
    Location
    Tampa Bay, Florida
    Posts
    9,766
    Plugin Contributions
    124

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    @drbyte and @davewest - great job, guys.

    @hairydog - likely no but since it's just a warning, and many people completely ignore warnings, it's hard to say.
    That Software Guy. My Store: Zen Cart Support
    Available for hire - See my ad in Services
    Plugin Moderator, Documentation Curator, Chief Cook and Bottle-Washer.
    Do you benefit from Zen Cart? Then please support the project.

  9. #9
    Join Date
    Sep 2006
    Posts
    163
    Plugin Contributions
    1

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    I'm never comfortable with ignoring warnings, but there seems to be little alternative.

  10. #10
    Join Date
    Dec 2007
    Location
    Payson, AZ
    Posts
    1,076
    Plugin Contributions
    15

    Default Re: XAMPP - PHP Warning: session_id(): Cannot change session id when session is acti

    Quote Originally Posted by hairydog View Post
    I'm never comfortable with ignoring warnings, but there seems to be little alternative.
    You may need to give more hints... like what payment system are you using.. authorizing or verifying.. I'm not having any issues with Square or checks on ZC156c and php7.3.11.. I'm not sure how payer_auth_verifier is called/used .
    Dave
    Always forward thinking... Lost my mind!

 

 
Page 1 of 3 123 LastLast

Similar Threads

  1. cannot create session when trying to update database
    By brad_at_foreverybody in forum Upgrading from 1.3.x to 1.3.9
    Replies: 12
    Last Post: 27 Oct 2010, 09:07 PM
  2. cannot send session - php spaces problem (I think)
    By retro-haven in forum Installing on a Windows Server
    Replies: 2
    Last Post: 26 Oct 2006, 11:24 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR