php7.2 session,PHP 7.2 Warning: “Cannot change session name when session is active”
问题
Since PHP on our server was upgraded to 7.2 from 7.0. I am getting the following warning (which leads to error) if a new deployment is done. The reason is probably, that old sessions get invalid after deployment.
Warning: session_name(): Cannot change session name when session is
active in /var/www/html/model/login/lib/Session.class.php on line 137
Warning: session_set_cookie_params(): Cannot change session cookie
parameters when session is active in
/var/www/html/model/login/lib/Session.class.php on line 138
Warning: Cannot modify header information - headers already sent by
(output started at
/var/www/html/model/login/lib/Session.class.php:137) in
/var/www/html/model/login/lib/Session.class.php on line 142
It seems like PHP 7.2 got more strict in the context of session sin a certain context. The server seems to recognize the invalid sessions and tries to destroy those. This is part of the Session class:
/**
* Secure instant destruction of session. Must be called after session_start !
*/
public static function destroyAbsolute() {
self::checkInit(); // unimportant
session_name(self::$name); // this is line 137
session_set_cookie_params(0, COOKIEPATH, null, self::$force_ssl_cookie, true);
if(session_id()) {
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), "", time() - 42000, COOKIEPATH);
}
unset($_COOKIE[session_name()]);
session_destroy();
}
}
What has changed in PHP regarding sessions?
Why is it not allowed to set a session name if another session is active (according to the docs with session_name I could change sessions and start multiple sessions)?
And how may I destroy the running session appropriately?
Doing further research I also have found the following discussion on GitHub (https://github.com/Icinga/icingaweb2/issues/3185). They confirm that this error was introduced with PHP 7.2. Unfortunatly there is also no answer :-/
回答1:
I have done a bug report at php.net and they explained that this is not a bug. Yes in PHP 7.2 a warning is generated now. However this never worked as intended, it just failed silently.
For creating multiple sessions it is required to use session_id(). Have a look at this related question: PHP How can I create multiple sessions?
session_name() as well as session_set_cookie_params() are always nonesense if the session is already running.
For the original answer have a look here: https://bugs.php.net/bug.php?id=75650&thanks=2
回答2:
I had a similar problem but finally found a way through. The code below was my first approach that gave me errors.
static function startmysession($lifetime, $path, $domain, $secure, $httponly){
session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
session_regenerate_id(true);
if(!isset($_SESSION)){
session_start();
}
}
Now Earlier versions of php overlooked our mistake(We were practically renaming and giving a session that already exists properties which is very wrong. So how did i solve this problem?
static function startmysession($lifetime, $path, $domain, $secure, $httponly){
if(!isset($_SESSION)){
session_set_cookie_params($lifetime, $path, $domain, $secure, $httponly);
@session_regenerate_id(true);
session_start();
}
}
I now bound the session_set_cookie_params() just before session start and I test if the session already exists before doing so.
回答3:
TLDR: if the session exists, use setcookie(session_name(), session_id(), ...) else use session_set_cookie_params(...)
https://www.php.net/manual/en/function.session-set-cookie-params.php#100657
As PHP's Session Control does not handle session lifetimes correctly
when using session_set_cookie_params(), we need to do something in
order to change the session expiry time every time the user visits our
site. So, here's the problem.
$lifetime=600;
session_set_cookie_params($lifetime);
session_start();
?>
This code doesn't change the lifetime of the session when the user
gets back at our site or refreshes the page. The session WILL expire
after $lifetime seconds, no matter how many times the user requests
the page. So we just overwrite the session cookie as follows:
$lifetime=600;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);
?>
And now we have the same session cookie with the lifetime set to the
proper value.
My solution:
Originally:
$cookieParams = session_get_cookie_params();
session_set_cookie_params(
$seconds,
$cookieParams['path'],
$cookieParams['domain'],
$cookieParams['secure']
);
Now:
if(isset($_SESSION)) {
if ($seconds != 0) {
setcookie(session_name(), session_id(), time() + $seconds);
} else {
setcookie(session_name(), session_id(), $seconds);
}
} else {
$cookieParams = session_get_cookie_params();
session_set_cookie_params(
$seconds,
$cookieParams['path'],
$cookieParams['domain'],
$cookieParams['secure']
);
}
来源:https://stackoverflow.com/questions/47700336/php-7-2-warning-cannot-change-session-name-when-session-is-active
php7.2 session,PHP 7.2 Warning: “Cannot change session name when session is active”相关推荐
- 【javaweb】Session原理以及浏览器禁止Cookie之后服务器如何获取Session
在web应用中打开浏览器访问一个网站,登录,浏览,到关闭浏览器,称为是一个会话.由于Http协议是无状态的,因此用户在动态页面交互信息需要一些能够保存用户信息的数据结构.这个保存用户浏览数据的数据结构 ...
- PHP中session特点及用途,PHP特点之会话机制2——Session及其使用
会话机制(Session)在 PHP 中用于保存并发访问中的一些数据.这使可以帮助创建更为人性化的程序,增加站点的吸引力. 一个访问者访问你的 web 网站将被分配一个唯一的 id, 就是所谓的会话 ...
- spring boot2.x设置session有效时间_Spring 源码解析 Scopes 之 Request 、Session 、Application...
(给ImportNew加星标,提高Java技能) 转自:开源中国,作者:麦克斯 链接:my.oschina.net/wang5v/blog/3017934 Request.Session.Applic ...
- vue前后分离session实现_vue2 前后端分离项目ajax跨域session问题解决
最近学习使用vuejs前后端分离,重构一个已有的后台管理系统,遇到了下面这个问题: 实现跨域请求时,每次ajax请求都是新的session,导致无法获取登录信息,所有的请求都被判定为未登陆. 1. v ...
- php 集群 session共享,Session共享:php和redis集群如何实现Session共享
本篇文章给大家带来的内容是关于Session共享:php和redis集群如何实现Session共享,有一定的参考价值,有需要的朋友可以参考一下,希望对你有所帮助. 一.redis 数据库集群安装软件版 ...
- session和cookie的区别和联系,session的生命周期,多个服务部署时session管理
Session和Cookie的区别 对象 信息量大小 保存时间 应用范围 保存位置 Session 小量,简单的数据 用户活动时间+一段延迟时间(一般为20分钟) 单个用户 服务器端 Cookie 小 ...
- su: warning: cannot change directory to : Permission denied ;-bash: bash_profile: Permission denied
一.查看主目录权限对不对 1:问题描述 [root@ser6-52 ~]# su - mongodb su: warning: cannot change directory to /home/mon ...
- su: warning: cannot change directory to /home/mysql: No such file or directory
[root@dbserver ~]# su - mysql Last login: Thu Aug 31 17:20:03 CST 2017 on pts/1 su: warning: cannot ...
- java session 生命周期_Java架构师第十四步——Session的生命周期(读书笔记)
Session生命周期 Session中的数据保存在服务器端,在客户端需要的时候创建Session,在客户端不需要的时候销毁Session,使它不再占用服务器内存.前面说了服务器并不管客户端是否依然存 ...
最新文章
- liunx检查与安装软件包
- transform插件
- python 角度传感器模拟_python树莓派红外反射传感器
- python123.io能不能补交作业_作业分配问题-回溯法-Python3
- java强势来袭 百战程序员Java基础入门教程,学编程就像玩游戏一样简单 ~
- 巴特沃斯、切比雪夫、贝塞尔滤波器详解:(区别,特点,电路图)
- linux创建自签名证书
- 查询ISBN号验证ISBN号调用api接口查询书籍信息
- Enterprise Architect v16
- bixby怎么编程_三星的Bixby可以做什么?
- Unity3D资源包中没有Bouncy材质怎么办
- 重磅!清华大学首个原创虚拟美女学生,“华智冰”唱歌好听到爆
- Kafka Topic分区手动迁移:kafka-reassign-partitions
- 74HC595工作原理及FPGA实现数码管驱动方法
- Git用法及常见问题
- xml 转json 传输
- 华为数通笔记-NSR
- “技能成就梦想 创新促进发展”2016年成德绵创新改革试验区第二届高技能人才交
- 记一次虚拟机失联的奇葩经历
- UE4+科大讯飞语音听写
热门文章
- .Net IOC框架入门之一 Unity
- C1 WPF C1FlexGrid设置样式技巧:单元格设置背景色
- Swift之学习资料
- Gradle-jar-aar
- Android 5.0 双卡信息管理分析
- java正则表达式匹配`\`
- python中的opencv读取数字_opencv+python 机读卡识别之试错(一)模板匹配的数字识别...
- 所需依赖_包揽全球75%进口!中国为何进口天量铁矿石?如何减少对澳依赖
- python如何下载安装tensorflow_TensorFlow下载与安装
- python能熔断吗_在大型项目上,Python 是个烂语言吗?