Skip to main content
Topic: 1.0.9 loosing session (Read 5468 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

1.0.9 loosing session

I installed 1.0.9 today and since then I often loose my session and I get logged out. A second user wrote me, he experienced the same.

Anyone around here with 1.0.9 and the same problem?

Re: 1.0.9 loosing session

Reply #1

Not yet. I'll inform if there's any such a behaviour.

Re: 1.0.9 loosing session

Reply #2

I haven't seen this problem with 1.0.8 or 1.0.9 except in conjunction with a mod I use.  Are you using any mods that alter the session or login information?  The function used to decode the cookie / session was changed so my code was failing to correctly pull out the time remaining before logout.  I updated to use the new function and it has been fine.

Re: 1.0.9 loosing session

Reply #3

With 1.0.9 the only change related to sessions is that the database entry of the session is updated at each page load.
If you told me that passing to 1.0.8 you had this problem I could understand, in 1.0.8 the session-related functions changed a bit and I even had some issues myself on my localhost.

So, check if the problem is 1.0.9 is rather easy: open the file sources/Session.php and find the line:
Code: [Select]
$_SESSION['mictrotime'] = microtime();
and remove it, or change it to:
Code: [Select]
// $_SESSION['mictrotime'] = microtime();
Bugs creator.
Features destroyer.
Template killer.

Re: 1.0.9 loosing session

Reply #4

If you're asking me, yes my mod had the problem starting with 1.0.8.  Easy fix though.

Re: 1.0.9 loosing session

Reply #5

Quote from: scripple – I haven't seen this problem with 1.0.8 or 1.0.9 except in conjunction with a mod I use.  Are you using any mods that alter the session or login information?

I don't think so. The mods I am using are:

AEVA BBCode replacement
AmazonAffiliate4ElkArte
Descriptive Links
Google Member Map
Inline Attachments
Recent Topics
Topic Author

Quote from: emanuele – So, check if the problem is 1.0.9 is rather easy: open the file sources/Session.php and find the line:
Code: [Select]
$_SESSION['mictrotime'] = microtime();
and remove it, or change it to:
Code: [Select]
// $_SESSION['mictrotime'] = microtime();

Done. What does this do? What should I look for now?

Re: 1.0.9 loosing session

Reply #6

That bit does basically nothing.
The reason is there is that php 7 is become more strict on the returned values of the custom session handlers. Elk (and likely SMF) when writing a session does an UPDATE query, if the session data did not change, this result in a number of affected rows equal to zero, and the function returns false. At that point, the false means to php that the session failed to write and logs you out.
Using microtime, basically forces the UPDATE to always change the row in the database and return always true.

Well, you should look for not being logged out? ;)
Bugs creator.
Features destroyer.
Template killer.

Re: 1.0.9 loosing session

Reply #7

Quote from: emanuele – Using microtime, basically forces the UPDATE to always change the row in the database and return always true.

Hm... Should microtime then not be active? I commented it out now?

 

Re: 1.0.9 loosing session

Reply #8

I told you to remove it.

If you had problems with sessions starting from 1.0.9, this is the only change that affected sessions in that update, so it is the only candidate being the cause of the issue.
If removing it solves the issue, it means we need to find another way to fix php 7 without breaking other php versions.
Bugs creator.
Features destroyer.
Template killer.

Re: 1.0.9 loosing session

Reply #9

I thought that removing (or commenting out) this line of code deactivates the microtime? Am I wrong?

Re: 1.0.9 loosing session

Reply #10

Yes.
It does.
And it reverts back to the 1.0.8 behaviour, that according to your report was working fine.
Did I got it wrong?
Bugs creator.
Features destroyer.
Template killer.

Re: 1.0.9 loosing session

Reply #11

I think not. I was just confused that I should activate microtime with deleting the line of code to do so.  ;)

Hm, maybe I am wrong and you want me to deactivate microtime instead? Will someone please kidnap me then?  :-[

Re: 1.0.9 loosing session

Reply #12

Yes, I want to disable the change that was made, to see if the change is the cause of the error. ;)
Bugs creator.
Features destroyer.
Template killer.

Re: 1.0.9 loosing session

Reply #13

I don't get it. lol The code is commented out. Let's see what happens.

Re: 1.0.9 loosing session

Reply #14

For the time being, I think the code can be made conditional on php version. Maybe we can use php compare like this:

Code: [Select]
if (version_compare(phpversion(), '7.0.0', '>='))
 $_SESSION['mictrotime'] = microtime();