Session Save in DB Causes Error (After Fresh Installation) #44
Comments
|
You should be able to fix this by simply changing it to: return (string)$this->_read->fetchOne($select, $bind);I did this already in PR #36. See the comment here: https://www.php.net/manual/en/sessionhandlerinterface.read.php#128107. However, I think the reason it happens in the first place is that you have an Edit: I see you came to the same conclusion about casting to a string. That indeed seems to be the issue, but only because of the undocumented bug / feature in |
|
Btw, if you'd like to test PR #36 I would be much obliged. 🙂 |
|
Can you elaborate in which way this is undocumented behavior bug/feature? I double checked here: https://www.php.net/manual/en/sessionhandlerinterface.read.php and it at least has not only the return type string|false but also states:
Edit: it seems that one can't easily differentiate which part of the SessionHandlerInterface in the |
I see what I can do. |
|
I say that it's a bug, because https://www.php.net/manual/en/sessionhandlerinterface.read.php says:
Which would lead you to believe that if there's no session data for that session id, you should return false. But the user contributed note says:
Which aligns with what is happening here. Returning false causes session_start to fail instead of just populating an empty I think that the PHP intends you to use this interface in addition: https://www.php.net/manual/en/sessionupdatetimestamphandlerinterface.validateid.php Then, it would first call to |
|
So maybe let's first go with the fix idea we both had and add a todo? And later explore and idea and perhaps implement the other interface as well validating a session ID prior to read. |
|
Yeah, I had planned to explore the new interface later, because I also wanted to improve the GC routines for both db and files handler. But don't let that prevent you from making a PR if you want to. Plus, store owners are probably better off not accepting uninitialized session ids anyway... |
|
Hi guys and thanks for checking it out, I just wouldn't stop #36 waiting for this if it's not absolutely necessary :-) |
|
I will have a look tomorrow but because of the discussion in this issue I'm quite optimistic that it works. I'm going to close the issue after the check tomorrow. |
|
I see only one cookie as planned and the main branch works without my own fix applied 👍🏼. |
What I did
Analysis
Error happens during session start. I followed a stack trace a bit further down and the relevant part of it is
app/code/core/Mage/Core/Model/Session/Abstract/Varien.php:153The value of
session_startis indeed false so the exception is thrown. Why is that?Let's have a look into the DB session handler in
app/code/core/Mage/Core/Model/Resource/Session.php. FollowingSessionHandlerInterface, theopen()method is called first, which in this case just returns true and then aread()happens for a given session ID:At this freshly installed state (and if it is a new session ID or the session is expired) the
fetchOne()in the last line returns false (look at the where clauses used).The typing of the method explicitly takes the false into account but herein lies the problem.
The change has been introduced to OM in version 21 with the PR OpenMage/magento-lts#3499.
I guess before this method already returned false which then implicitly was cast to an empty string. By that the exception was not thrown.I noticed right now that the previous behavior had a string cast in it.Conclusion
The session save to DB currently doesn't work. As a consequence one idea for a solution could be changing the
read()method's signature to just returning string and explicitly string cast the returned value (to make it clear that we are aware of the fact, thatfetchOne()can return false and we don't want to do it implicitly by return type). II could prepare a PR if nothing speaks against this idea.
The text was updated successfully, but these errors were encountered: