Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
A side effect of calling session_destroy() in PHP 5.2.X or below is that all the user-defined session save handlers set for the session are also destroyed.
This causes the following error:
Fatal error: session_start() [function.session-start]: Failed to initialize storage module: user (path: /var/lib/php5) in /var/WWW/drupal/includes/bootstrap.inc on line 1676
This is especially problematic under Pressflow with the way they handle cookies.
The attached patch re-initializes the session save handlers after calling session_destroy().
Comment | File | Size | Author |
---|---|---|---|
legal-fix-session-handling-D6.patch | 724 bytes | brianV | |
Comments
Comment #1
brianV CreditAttribution: brianV commentedSince I see that there is a new maintainer, I would like to just bump this issue so it hopefully gets some light. As it currently stands, Legal.module *will not* work with Pressflow, which makes it unusable without patching on any high-performance site.
Comment #2
recidive CreditAttribution: recidive commentedI was looking for differences between user_logout() in drupal and pressflow, they are the same, except that in pressflow modules hooks are called before session_destroy().
So I wonder if the problem you've outlined can be solved in a similar way way.
Comment #3
brianV CreditAttribution: brianV commentedAs a reference, I should have linked to the Pressflow issue about this - https://bugs.launchpad.net/pressflow/+bug/513117
In that issue, we added a new drupal_session_destroy() function that re-initializes the save handlers after session_destroy() has been called, since PHP < 5.3.X has a bug: http://bugs.php.net/bug.php?id=32330
This covers all the use cases in Pressflow; the originally submitted patch takes the exact same approach after session_destroy() is called in legal.module.
Comment #4
pcarman CreditAttribution: pcarman commentedThe patch submitted with this issue resolved the Fatal Error I was receiving with Legal module enabled on Pressflow. It would be great to have Legal work out of box with Pressflow.
Comment #5
pcarman CreditAttribution: pcarman commentedIn my last post I changed the status. I hope I am not out of line changing that based on my testing and through brianV response. Let me know if I should have handled the status differently.
Comment #6
Robert Castelo CreditAttribution: Robert Castelo commentedJust committed http://drupal.org/node/560548#comment-3420386 to 6.x-2.4-rc2
Does it fix the Pressflow issue reported here, or is it a different issue?
Comment #7
Robert Castelo CreditAttribution: Robert Castelo commentedComment #8
pcarman CreditAttribution: pcarman commentedThe bug still exists in 6.x-2.4-rc. Adding session_regenerate() did not remove the fatal error.
The error was removed when the patch code was added back into the module file.
Comment #9
brianV CreditAttribution: brianV commentedRobert,
Please refer to the PHP bug I listed in post #3 - specifically, the only known workaround (even by the PHP folks), is to use session_set_save_handler() after session_destroy() and before a new session is started.
Comment #10
Robert Castelo CreditAttribution: Robert Castelo commentedI just installed:
pressflow-6.20.97
legal-6.x-2.4-rc2
checkbox_validate-6.x-2.1
Tested on MAMP, PHP 5.2
Could not reproduce the issue.
I tried running the Legal tests, and also tried manual tests of registration, changing T&Cs then logging out and back in with test user.
Could someone test with the above components and let me know if they experience an issue what steps they took to get to the issue.
Maybe the problem is specific to a particular system set up?
Comment #11
adixon CreditAttribution: adixon commentedI can confirm that I have the same problem, the solution suggested works. The problem on my site occurs mostly when generating a lost password url - on clicking that url, the user gets a blank screen and I get that message in my error log. The site uses pressflow. I should also say that it wasn't consistently reproduceable, it seemed to happen only with some users [maybe only new ones?].
Comment #12
Robert Castelo CreditAttribution: Robert Castelo commentedso all usual Legal functions work, just lost password feature sometimes shows white screen of death?
You sure that's a Legal bug?
Comment #13
brianV CreditAttribution: brianV commentedRobert:
It's not a Legal bug - Legal does everything the way it is supposed to. It's a PHP bug in 5.2.X that is only triggered in Pressflow given how PF handles sessions. Since that session handling in Pressflow is a backport of the session handling in D7, when you port this module to D7, you will likely see the exact same functionality as I am describing when operating under D7 in PHP 5.2.X.
For me, at least, under PHP 5.2, if you try to create a new user account or login with a user who has not yet agreed to the current Legal page, you get the reported error.
This is because session_destroy() in legal_user(). In PHP 5.2.x, this happens to also (incorrectly) destroy the save handlers. They need to be reset before the session can be recreated.
The same session_set_save_handler() call submitted in this patch has been patched into Pressflow and D7 to work around this issue when they call session_destroy(). However, Legal does not do this, hence the errors.
Comment #14
adixon CreditAttribution: adixon commentedI can't admit to fully understanding the session issues, but I used the patch back in December and it worked, but an update to the legal module in January not only broke the patch, but made the patch not work completely.
More specifically, first time logins timed out, and it was at the point of the legal module where the session is destroyed that was the cause. I've just tried the following code in around line 435 of legal.module, which seems to work:
though I haven't been diligent in figuring out which piece works. My thoughts are:
1. i looked at the user module logout and saw that it uses the user_module_invoke function instead of module_invoke_all, so just tried that. My guess is this is the key piece, though I've been to lazy to figure out why.
2. i modified the original patch to just use the pressflow function that does what the patch did [just my fiddling, not relevant to the problem]
3. i loaded the anonymous user the same way that the user module does, which looks like it might be faster and safer than how the legal module was doing it [because using user_load might trigger additional things].
Conclusion: sorry, not a well-formed patch, but maybe some useful pieces for anyone with a similar problem and perhaps those of you who better understand the session issues can see what's going on here.
Comment #15
Robert Castelo CreditAttribution: Robert Castelo commentedI've added the patch in #1 to the master version of Legal, will role out a release soon.