PHP session_start(); has started hanging the server - php

I have a DMZ set up with a web server and an application server, both running Ubuntu under gnome (v11.04 on the web server and v11.10 on the application server). session_start() has started hanging on the application server. The code is located on the application server and it does not hang when I access my web site and access the page with the session_start() call on it. It seems that every session_start() has started hanging on the application server although I have no problems with the associated pages when I access them from other computers or across the web. Also I have only just started having this problem on the application server without having made any changes to my php code. Could it be that some buffer has filled up and needs to be cleared?
I tried editing /etc/php5/apache2/php.ini and setting
session.save_path = "/tmp"
/tmp exists.
But I still have the problem. I can stop it hanging by preceding session_start() with session_end() but then it does not execute the remaining PHP or html code in the file.
/var/log/apache2/error.log included the following message:
PHP Notice: A session had already been started - ignoring session_start() in
/var/www/DraculaPgm.php on line 101, referer:
http://MyWebSite.com/ApplicationServer/Dracula.php
Any assistance with this would be greatly appreciated,
Peter.
Update 29-Dec-2012
Thank you to everyone who replied to this question. Unfortunately, I tried all of the suggestions and 'session_start()' still hangs. However, if I leave it for a few minutes, it breaks with the following error message.
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /ApplicationServer/Dracula.php.
Reason: Error reading from remote server
Apache/2.2.17 (Ubuntu) Server at MyWebSite.com Port 80
I have squid installed on the web server. Could this be a problem?
Thanks,
Peter

This sounds like a configuration issue. Make sure that PHP is reporting all errors, i.e., error_reporting(E_ALL) and either display or log all errors. (You might even want to enable display_startup_errors in your php.ini) - reporting all errors may shed light on what's going on. (if you need help you can post any errors that you get from this as an edit) You may want to look at the following as well for troubleshooting the issues with sessions:
When using /dev/random as session entropy file
When page is calling itself with the same session
Alternatively if none of those show anything you may want to read over the bug report at https://bugs.php.net/bug.php?id=28856&edit=1 depending on what version of PHP you are running.

I changed 'session_start()' to the following block.
if(!isset($_SESSION))
{
session_destroy();
session_start();
}
I now do not have the problem. I am hesitant to say that it fixed the problem since it did not seem to fix it right away.
Thank you to everyone for your help,
Peter.

Try changing the permission of the /tmp folder by doing chmod 777 /tmp and check if its working.If its working then change the permission mode to make it more secure
Try checking out this Question I call session_start() the script hangs and nothing happens
And this http://www.projectpier.org/node/1934
"It seems that the session file is opened exclusively. On some
occasions (Windows) I have found that the file lock is not released
properly for whatever reason, therefore causing session_start() to
hang infinitely on any future script executions. My way round this
problem was to use session_set_save_handler() and make sure the write
function used fopen($file, 'w') instead of fopen($file, 'x')"
You can find many others having the same problem and their workarounds if you go through http://php.net/manual/en/function.session-start.php

if(!isset($_SESSION))
{
session_start();
}
Use this at the top of your PHP file!
And for your info: session_destroy() is used to end session.

Before anything else - try another browser!
I just encountered this session_start problem. I checked my tmp folder and everything and I was about to call my hosting-provider until I thought I should try another browser first because it might have to do with session cookies.
I work with chrome, so I tested in IE and found that it was indeed the case: It worked in another browser!
I closed IE ;) - went back to chrome, looked for the cookie (PHP_SESS_ID), deleted it and everything works again!
Well, the good part is - Just like you guys I got to brush up my knowledge of -jay- sessions! ;)

Related

PHP Session Start Fatal error: Can't use function return value in write | Following Extensive Troubleshooting

Fatal error: Can't use function return value in write on line 3
I've looked extensively for an answer to my specific situation with no progress. Please review what I've already tried and I've included my VPS global php.ini file. No php.ini files exist within the website root.
<?php
session_start();
?>
<!DOCTYPE html>
<html>
I have no idea how that's possible. Please check out what I've already done to try to solve the problem.
Problem originated when I was unable to pass variables to another page using
$_SESSION['$example'] variables with no luck. But I'll worry about that next.
VPS System Specs Currently (Servers/Networks Are Not My Strong Area)
Apache 3 on CentOS 6.8
Default PHP Version | 5
PHP 5 Handler | suPHP
Apache suEXEC | off
Apache Ruid2 | off
Default PHP Version (.php files) | 5
PHP 5 Handler | suPHP
Attempted Solutions
Disabled .htaccess
.htaccess contains
***suPHP_ConfigPath /***
Header append Vary User-Agent
Prior to disabling:
Removed All 301 Rewrite Rules as I've read they interfere with
sessions
Disabled Error Documents
Ensure No Whitespaces Following session_start();
Caching
Turned off all caching through WHM (that I'm aware of)
Tested both Firefox and Chrome before and after clearing history/cookies/cache/etc
Deleted CloudFlare service for this domain
Additional Information
I Don't have a php.ini file since I use a VPS (in case anyone was wondering)
I use php on almost every other page.
Here is an example of the first few lines of another page.
<?php
session_start();
$ip = $_SERVER['REMOTE_ADDR'];
//Version 1.75
The above code is just the first few lines but the page executes fine without issue. It should be noted that this is a redirect page following a PayPal payment to my website. This issue is recent and previously it has worked fine.
It should also be noted that I use session_write_close(): session_unset(); and session_destroy(); on appropriate pages to unset all $_SESSION variables and terminate sessions.
Below is a link to the php.ini file as text if that helps. The domain contained in the link is not the domain with the issue. I'm not attempting to be "shifty" about the domain with the issue, I just don't want people using the service when it's not working properly.
Global PHP INI File As Text Document
Anyone who solves this, I owe you!
-Andrew
Solved Accidentally
I solved the issues, but still don't know what was causing the Fatal Error
Fatal error: Can't use function return value in write on line 3
$_SESSION variables didn't pass between pages.
I solved both the Fatal Error issue and the $_SESSION variables problem by doing one thing. For some, this may be standard procedure, but I am self-taught and this did not occur to me. I was making changes to the PHP advanced configuration in WHM and never did not see any changes as a result.
I was banging my head against the wall for two days trying every solution I read in the forums.
Apache Server Restart
I never restarted my Apache Server during this time, both issues were resolved.
While this solution may seem rudimentary or common practice for some, it's easy to overlook. I read at least 30 different forum posts on Stack Overflow and other sites. Not one suggested an Apache Restart as a method to check.
PHP Configuration
I changed my PHP configuration as listed below and my sessions variables were passing.
session.use_cookies = 1
session.use_only_cookies = 1
session.use_trans_sid = 0
Thank you for everyone who took the time to look at this.
Sincerely, Andrew

Can't log in to mediawiki: canceled as a precaution against session hijacking?

I'm using a private mediawiki hosted on AWS EC2 instance for years
I thought something gone wrong with some extension, specifically stopping in the middle of math rendering, so I tried to reload the page with Google Chrome browser's cache were all erased.
Right after that, I can't log in seeing this message "There seems to be a problem with your login session; this action has been canceled as a precaution against session hijacking. Go back to the previous page, reload that page and then try again."
I tried,
1. restart apache server
2. tried MediaWiki sessions and cookies not working on multi-server behind CloudFlare
3. tried Mediawiki, can't login after password change
4. tried "go in your LocalSettings.php and at the end add the following code of line :session_save_path("tmp");Create a folder "tmp" in your wiki installation directory. give rights 777 (permissions)" as in https://www.mediawiki.org/wiki/Topic:Pjby0sdeg3e60rfy
5. checked the server's hard disk storage, but it has free space of way more than 3.5gb.
How do I fix this and is there any way of disabling this really helpful "PRECAUTION" feature?
Adding $wgSessionCacheType = CACHE_DB; to LocalSettings.php solves the problem. No need to change $wgMainCacheType.
This works, without the "precaution against session hijacking" error:
$wgMainCacheType = CACHE_ACCEL;
$wgSessionCacheType = CACHE_DB;
Turned out to be something went wrong with cache settings in LocalSettings.php. Resolved after removing (almost all) customized cache settings.
MediaWiki authentication and session handling has been rewritten for 1.27; see announcement (the last section). Session hijacking warnings mean the CSRF token you are submitting was not found in the session, which in turn usually means the session storage is configured wrong.
Twice now, we started getting this error after the server ran out of space. Turns out, both times it was because the objectcache table had been corrupted.
To fix it, just run the SQL statement (e.g. at a MySQL prompt):
REPAIR TABLE objectcache;

Migrated from Windows to Linux server, now getting session errors

I recently migrated from a Windows to Linux server... now I am getting a bunch of session warnings and some of the content is being loaded properly. On the Windows server, everything worked smooth and I never had any errors, as soon as the migration to Linux took place, I started getting session warnings such as the one below on every page that uses sessions.
I have no idea what I should try or where to begin to address these problems and would appreciate any advice.
I suspect that if session_start() was actully was the problem, I would have gotten a similar warning on the Windows server.
Also my site is hosted by goaddy and I do not have access to the php.ini file...
Warning: session_start() [function.session-start]: Cannot send session
cookie - headers already sent by (output started
at /home/content/12/9453412/html/mainsearch.php:32)
in /home/content/12/9453412/html/mainsearch.php on line 36
Your problem is, that in
/home/content/12/9453412/html/mainsearch.php line 32
(and possibly also in the following ones) you do some kind of output (echo, print, blanks outside of <?php ... ?> etc.), before you do session_start(); on line 36. This is not allowed, as session_start() wants to send headers which is not possible after some kind of output already occured.
Solution: Put your session_start(); to the top of your php file, or at least before you do any kind of output.
And Michael pointed out correctly that this didn't work correctly on you Windows server either, you just didn't know because error reporting was set not to display warnings.

php session variable value is null when hosted to server

i having a strange issue in sessions.. this is working in WAMP server in my local machine.. my problem is wen hosted to a server in US it's not working..
im doing like this:
session_start();
$_SESSION['test'] = 'testing login..';
in another page i'm doing:
session_start();
echo('my session value is : '.$_SESSION['test']);
but i'm getting only
my session value is :
my session value is not setting..
i checked the session.save_path in cPanel of the server it says /tmp.
pls help..
thanks in advance.
Maybe your script dies because session_start fails with "headers already sent" ? This could happen, for example, if your test machine and production server don't encode new lines the same way...
The errors are probably not displayed on your production server, try something like that :
ini_set('display_errors', 1);
session_start();
and see if you get something useful.
The php opening tag must be written at first line of a php file. This method help me to solve this problem.
Check the permissions on your session.save_path. This location will need to be writable by the Apache/httpd user.
Also check to see if you session.save_path contains any sess_ prefixed files.
thanks for all the help.
my issue was security permission in /tmp folder. once it rectified it's working.
mean time dont use only numeric for SESSION ids, (Eg. $_SESSION['12345']) because in linux hosting its not taking the numeric only index and skipping that. (so use $_SESSION['ACS12345'])..
Take a look at the way you created the file.
If you used auto language detection features, or something similar to create your file, then try creating a new PHP file. Copy your code and try again.
if you're using siteground as your hosting you will need to enable the auto session. follow this steps
Navigate to Dev
click on php manager
click on php variables
Load more until you find session.auto_start
Turn it to yes and you're good to go

WP E Commerce Safe Mode restriction error

I have my online shop, created with WP Ecommerce getting broken after I moved it to another server. I could be sure that the problem comes from WP Ecommerce because when I disable that plugin. Everything run as expected. This is the exact error message
Warning: session_start() [function.session-start]: SAFE MODE Restriction in effect. The script whose uid is 515 is not allowed to access /tmp owned by uid 0 in /home/mikalu/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/wpsc-constants.php on line 17
Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to initialize storage module: files (path: ) in /home/mikalu/public_html/wp-content/plugins/wp-e-commerce/wpsc-core/wpsc-constants.php on line 17
I've tried to turn off safe mode on my php configuration. nothing happens. the error's still there.
I thought it was some kind of permission issue, so I tried to change /tmp permission to 777. Nothing happens. I googled it some more and suspect it might have something to do with fastCGI configuration and stuff. Which I totally don't understand.
My googling result mostly suggest me to consult the web hosting provider or even to move to another host. But in this case, I am the owner of the server (VPS with cPanel/WHM). And I don't have any idea how to solve this kind of problem
Any help would be very much appreciated :)
edit: I'm not so sure of this is really a server issue. Because if it really server configuration issue on session save path. Then the whole wordpress shouldn't be working coz it obviously use some session too. The session problem only come from that particular wp-ecommerce script. That's why I post it here on stackoverflow too.
After your edit, it's more clear why you ask that question. Wordpress itself does not uses PHP session, so it's not causing the issue but those component you're using is using PHP sessions.
The PHP manual normally is a good start to understand safemode and how to disable it: http://php.net/manual/features.safe-mode.php
Additionally you should review your server configuration that it is safe instead. Safe-mode is unsafe. Hopefully your server ain't.

Categories