PHP :: Bug #71070 :: Custom session handler write method returns false, warning message misleading

Bug #71070

Custom session handler write method returns false, warning message misleading

Submitted:

2015-12-09 06:53 UTC

Modified:

2015-12-09 21:44 UTC

Votes:	3
Avg. Score:	4.3 ± 0.9
Reproduced:	3 of 3 (100.0%)
Same Version:	3 (100.0%)
Same OS:	2 (66.7%)

From:

claytonsmith at outlook dot com

Assigned:

yohgaki (profile)

Status:

Closed

Package:

Session related

PHP Version:

Irrelevant

OS:

Private report:

CVE-ID:

None

View Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

Quick Fix:	(description)
	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	claytonsmith at outlook dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2015-12-09 06:53 UTC] claytonsmith at outlook dot com

Description:
------------
When using a custom session handler it will generate a misleading error message about why the write failed to happen.  It says to verify the session.save_path is correct but because we are using a custom session handler, it may never be attempting to write to that directory.

Example of one user running into this problem:
http://stackoverflow.com/questions/34117651/php7-symfony-2-8-failed-to-write-session-data/

It would be better to have a more clear warning message to diagnose why this occurs.

Test script:
---------------
<?
error_reporting(E_ALL);
ini_set('display_errors', 1);

class TestHandler extends SessionHandler {
    public function write($id, $data) {
        // Write somewhere that is not a file
        return false;
    }
}

$saveHandler = new TestHandler();
session_set_save_handler(
	array(&$saveHandler, 'open'),
	array(&$saveHandler, 'close'),
	array(&$saveHandler, 'read'),
	array(&$saveHandler, 'write'),
	array(&$saveHandler, 'destroy'),
	array(&$saveHandler, 'gc')
);

session_start(); 

$_SESSION['value'] = 123;
var_dump($_SESSION);


Expected result:
----------------
PHP Warning:  Unknown: Failed to write session data using custom session handler in custom-session-handler.php on line 123



Actual result:
--------------
 Warning: session_write_close(): Failed to write session data (user). Please verify that the current setting of session.save_path is correct (/tmp)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2015-12-09 15:02 UTC] laruence@php.net

-Assigned To: +Assigned To: yohgaki

[2015-12-09 15:02 UTC] laruence@php.net

We can not get the file/line info, instead we can only warn about write failed, however I am not what message is better:
diff --git a/ext/session/session.c b/ext/session/session.c
index 5e4831c..6981b8f 100644
--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -572,11 +572,15 @@ static void php_session_save_current_state(int write) /* {{{ */
 			}
 
 			if ((ret == FAILURE) && !EG(exception)) {
-				php_error_docref(NULL, E_WARNING, "Failed to write session data (%s). Please "
-								 "verify that the current setting of session.save_path "
-								 "is correct (%s)",
-								 PS(mod)->s_name,
-								 PS(save_path));
+				if (!PS(mod_user_implemented)) {
+					php_error_docref(NULL, E_WARNING, "Failed to write session data (%s). Please "
+									 "verify that the current setting of session.save_path "
+									 "is correct (%s)",
+									 PS(mod)->s_name,
+									 PS(save_path));
+				} else {
+					php_error_docref(NULL, E_WARNING, "Failed to write session data (%s)", PS(mod)->s_name);
+				}
 			}
 		}
 	}


thanks

[2015-12-09 21:44 UTC] yohgaki@php.net

@laruence

We get this kind of report that complaining file/line info is not displayed on save handler error on occasions, but we cannot get file/line info at the code.

The most common error is save path permission (wrong or non existent dir) and file permissions (user uses multiple account for session data) 

How about

 Warning: session_write_close(): Failed to write session data (user). Verify session.save_path(/tmp) current setting and account has correct permission. Access to session data by multiple user accounts may cause this error because of file access permission also. File and line number is not displayed due to implementation limitation.

This is rather long, but user may understand what is going on at least.
Any suggestions are appreciated.

[2015-12-09 22:46 UTC] claytonsmith at outlook dot com

Is there not a way to know that it is using a custom session handler?  If the default write behavior is overridden it can show an error at least mentioning that the session write failed due to an error in the custom session handler.  If it's not using a custom session handler, or if it is known that the default session write handler is called, it would then produce one of your suggested error messages.

Mentioning session.save_path in the error message on a custom session handler has nothing to do with the overridden behavior.

[2015-12-09 23:15 UTC] claytonsmith at outlook dot com

If it using a custom session handler it could say:
"An error occurred when writing session data (%s)"

Laurence:
If the error message is ""Failed to write session data (%s)" it will still be confusing because if you google that error people will find every reference to the 'old' error message that contains the same string.

[2016-01-18 03:05 UTC] yohgaki@php.net

Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05e87fa41855c58de6435eb1c80a1bc6454362f7
Log: Fixed bug #71070 Custom session handler write method returns false, warning message misleading This is commited to master only. If you have better error message suggestion, feel free to improve it.

[2016-01-18 03:05 UTC] yohgaki@php.net

-Status: Assigned +Status: Closed

[2016-04-18 09:30 UTC] bwoebi@php.net

Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05e87fa41855c58de6435eb1c80a1bc6454362f7
Log: Fixed bug #71070 Custom session handler write method returns false, warning message misleading This is commited to master only. If you have better error message suggestion, feel free to improve it.

[2016-07-20 11:34 UTC] davey@php.net

Automatic comment on behalf of yohgaki
Revision: http://git.php.net/?p=php-src.git;a=commit;h=05e87fa41855c58de6435eb1c80a1bc6454362f7
Log: Fixed bug #71070 Custom session handler write method returns false, warning message misleading This is commited to master only. If you have better error message suggestion, feel free to improve it.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Nov 22 06:01:30 2024 UTC