I installed 1.0.9 today and since then I often loose my session and I get logged out. A second user wrote me, he experienced the same.
Anyone around here with 1.0.9 and the same problem?
Not yet. I'll inform if there's any such a behaviour.
I haven't seen this problem with 1.0.8 or 1.0.9 except in conjunction with a mod I use. Are you using any mods that alter the session or login information? The function used to decode the cookie / session was changed so my code was failing to correctly pull out the time remaining before logout. I updated to use the new function and it has been fine.
With 1.0.9 the only change related to sessions is that the database entry of the session is updated at each page load.
If you told me that passing to 1.0.8 you had this problem I could understand, in 1.0.8 the session-related functions changed a bit and I even had some issues myself on my localhost.
So, check if the problem is 1.0.9 is rather easy: open the file sources/Session.php and find the line:
$_SESSION['mictrotime'] = microtime();
and remove it, or change it to:
// $_SESSION['mictrotime'] = microtime();
If you're asking me, yes my mod had the problem starting with 1.0.8. Easy fix though.
I don't think so. The mods I am using are:
AEVA BBCode replacement
AmazonAffiliate4ElkArte
Descriptive Links
Google Member Map
Inline Attachments
Recent Topics
Topic Author
Done. What does this do? What should I look for now?
That bit does basically nothing.
The reason is there is that php 7 is become more strict on the returned values of the custom session handlers. Elk (and likely SMF) when writing a session does an UPDATE query, if the session data did not change, this result in a number of affected rows equal to zero, and the function returns false. At that point, the false means to php that the session failed to write and logs you out.
Using microtime, basically forces the UPDATE to always change the row in the database and return always true.
Well, you should look for not being logged out? ;)
Hm... Should microtime then not be active? I commented it out now?
I told you to remove it.
If you had problems with sessions starting from 1.0.9, this is the only change that affected sessions in that update, so it is the only candidate being the cause of the issue.
If removing it solves the issue, it means we need to find another way to fix php 7 without breaking other php versions.
I thought that removing (or commenting out) this line of code deactivates the microtime? Am I wrong?
Yes.
It does.
And it reverts back to the 1.0.8 behaviour, that according to your report was working fine.
Did I got it wrong?
I think not. I was just confused that I should activate microtime with deleting the line of code to do so. ;)
Hm, maybe I am wrong and you want me to deactivate microtime instead? Will someone please kidnap me then? :-[
Yes, I want to disable the change that was made, to see if the change is the cause of the error. ;)
I don't get it. lol The code is commented out. Let's see what happens.
For the time being, I think the code can be made conditional on php version. Maybe we can use php compare like this:
if (version_compare(phpversion(), '7.0.0', '>='))
$_SESSION['mictrotime'] = microtime();
I'd prefer to understand where the problem is first. :)
One thing I forgot to ask
@Jorin is: what version of php are you using?
/me assumed it's 5.x but it may be a wrong assumption
PHP 5.3.28.
Is this still happening?
Did you comment out the microtime string or not?
I did comment out. The problem seems to be gone. Never happened again after commenting out.