#1972 (ok 2.8.0-rc2) warning on session autostart=1

Latest_Git
fixed
Marc Delisle
1
2013-06-11
2006-01-22
Ben Mulder
No

On winXp/IIS/php 5.1.1 and RedHat/Apache2/php 5.1.3:

when in php.ini:
; Initialize session on request startup.
session.auto_start = 1

an error is raised (but not shown) who results in a
header-error:

Warning: ini_set() [function.ini-set]: A session is
active. You cannot change the session module's ini
settings at this time.
in /usr/local/apache2/htdocs/phpMyAdmin/libraries/sessi
on.inc.php on line 46

If set back to 0:
everything goes fine.....

see also my posts on Help and Support Requests!

Discussion

  • Logged In: YES
    user_id=326580

    i don't think that PMA should run with session autostart enabled

    systems, with session autostart enabled sharing one session
    over all applications running on this system, every
    application using sessions on this system have to share the
    same namespace in $_SESSION, this can lead into big trouble,
    not only with PMA, it also widens security holes in one app
    into all all other apps

    also it is not possible to store obejcts in the session with
    autostart enabled, as the classes must be loaded before the
    session starts.

     
  • Ben Mulder
    Ben Mulder
    2006-01-25

    Logged In: YES
    user_id=1428393

    You're right. I implemented separate sessions in my sites,
    so i do'nt need the session_autostart any more.

    But please note this setting in the documentation, specific
    in the -somewhat tricky- windows-section.
    After 4 hours iis-trying (and mutch cgi-errors) i decided
    that PMA was not stable. Later, on RedHat i discovered the
    behaviour of this discussion. So: warn in advance, keep
    users happy :-))

     
  • Ben Mulder
    Ben Mulder
    2006-01-25

    Logged In: YES
    user_id=1428393

    You're right. I implemented separate sessions in my sites,
    so i do'nt need the session_autostart any more.

    But please note this setting in the documentation, specific
    in the -somewhat tricky- windows-section.
    After 4 hours iis-trying (and mutch cgi-errors) i decided
    that PMA was not stable. Later, on RedHat i discovered the
    behaviour of this discussion. So: warn in advance, keep
    users happy :-))

     
    • summary: session autostart=1 --> warning on session autostart=1
    • labels: 509095 --> Security / Restrictions
    • status: open --> open-accepted
     
  • Logged In: YES
    user_id=326580

    next release (after 2.8 which has feuture freeze) we will
    add a user note if session auto start is on

     
  • Marc Delisle
    Marc Delisle
    2006-02-09

    Logged In: YES
    user_id=210714

    Sebastian,
    we already got 3 bug reports about this. If we really can't
    fix it for 2.8.0, I think we'll have to add a warning in
    English about this.

     
  • Ben Mulder
    Ben Mulder
    2006-02-10

    Logged In: YES
    user_id=1428393

    Because I put earlier on support this question I got an
    answer there -works on apache- that can be usefull:
    Comment By: Daniel Marschall (blackdrake)
    Date: 2006-02-10 01:19

    Message:
    Logged In: YES
    user_id=1008322

    Just make a .htaccess with following content to disable
    session-autostart:

    php_flag session.auto_start 0

     
  • Marc Delisle
    Marc Delisle
    2006-02-10

    • assigned_to: nobody --> lem9
     
  • Marc Delisle
    Marc Delisle
    2006-02-10

    • priority: 5 --> 1
    • summary: warning on session autostart=1 --> (ok 2.8.0-beta2) warning on session autostart=1
    • status: open-accepted --> open-fixed
     
  • Marc Delisle
    Marc Delisle
    2006-02-10

    Logged In: YES
    user_id=210714

    Thanks, I implemented .htaccess in main directory, this will
    fix the case of Apache. The message Sebastian added will
    show a warning for other servers

     
  • Logged In: YES
    user_id=30264

    Can't you close the autostarted session or restart your own
    session?

     
  • Marc Delisle
    Marc Delisle
    2006-02-24

    Logged In: YES
    user_id=210714

    See attached new session.inc.php version for my attempt at
    closing the (auto-started) session. It does not work, I get
    "Session object destruction failed". Maybe someone can debug
    it or explain what is going wrong. Tested on PHP 5.1.2.

     
  • Marc Delisle
    Marc Delisle
    2006-02-26

    • priority: 1 --> 4
    • summary: (ok 2.8.0-beta2) warning on session autostart=1 --> warning on session autostart=1
    • status: open-fixed --> open-accepted
     
  • Marc Delisle
    Marc Delisle
    2006-02-26

    second test version for libraries/session.inc.php

     
    Attachments
  • Marc Delisle
    Marc Delisle
    2006-02-26

    Logged In: YES
    user_id=210714

    Everyone, please test the attached marc2.zip. This version
    works on my systems with session.auto_start enabled, on PHP
    4.3.4 and 5.1.2. Don't forget to deactivate your .htaccess
    in the main directory.

     
  • Isaac Bennetch
    Isaac Bennetch
    2006-03-01

    Logged In: YES
    user_id=835650

    Works for me also with autostart 0 and 1 (PHP 4.4.2),
    though my configuration is rather standard otherwise.

     
  • Marc Delisle
    Marc Delisle
    2006-03-02

    Logged In: YES
    user_id=210714

    Merged for the upcoming 2.8.0-rc2.

     
  • Marc Delisle
    Marc Delisle
    2006-03-02

    • summary: warning on session autostart=1 --> (ok 2.8.0-rc2) warning on session autostart=1
    • priority: 4 --> 1
    • status: open-accepted --> open-fixed
     
  • Marc Delisle
    Marc Delisle
    2006-03-06

    • status: open-fixed --> closed-fixed
     
  • Michal Čihař
    Michal Čihař
    2013-06-11

    • Status: closed-fixed --> fixed