Bug #92864

closed

Upgrading from 9.5.22 to 9.5.23 and get errors on accessing Maintenance Module

Added by Claus Harup over 3 years ago. Updated over 2 years ago.

Status: Closed
Priority: Should have
Assignee: -
Category: Install Tool
Target version:
Start date: 2020-11-17
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 9
PHP Version: 7.4
Tags:
Complexity:
Is Regression: Yes
Sprint Focus:

Description

Running on PHP 7.4.11

Accessing the Maintenance module -> enter my password

PHP Warning: session_set_save_handler(): Cannot change save handler when session is active in /var/www/typo3_source/typo3_src-9.5.23/typo3/sysext/install/Classes/Service/SessionService.php line 82

Accessing the Maintenance module -> Use Install Tool password instead -> enter IT password -> works


Files

Screenshot 2020-11-17 173921.png (86.6 KB), Claus Harup, 2020-11-17 16:39
Zajeta slika.JPG (119 KB), Rene Tobias, 2020-11-19 08:35

Related issues 1 (1 open, 0 closed)

Related to TYPO3 Core - Task #92836: Introduce Sudo Mode for Install Tool (Under Review, Oliver Hader, 2020-11-13)

Actions #2

Updated by Georg Ringer over 3 years ago

  • Is Regression set to Yes
Actions #3

Updated by Rene Tobias over 3 years ago

I have a similar problem. I get this: "Checking session and executing silent configuration update", but nothing happens.

If I look at network, I get: typo3/install.php?install[controller]=layout&install[context]=backend&install[action]=executeSilentConfigurationUpdate&_=1605691062576 status 500

Actions #4

Updated by Oliver Hader over 3 years ago

  • Related to Task #92836: Introduce Sudo Mode for Install Tool added
Actions #5

Updated by Oliver Hader over 3 years ago

Claus: My guess: phpMyAdmin is installed, correct? If not, can you please search for session_start in any of the extensions (probably some external auth service)?

Rene: Can you please share the content of that 500 HTTP error response - e.g. some exception stack trace?

Thanks!
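
The search for `session_start` requested above can be done at token level, so that mentions in comments and strings are not reported. This is an added example, not part of the original comment or of TYPO3; the function names and the sample source are constructed, and the directory argument is an assumption.

```php
<?php
// Added example, not TYPO3 core code: report session_start() calls in extension sources.
/** Nearest token before/after index $i ($step = -1 or 1), skipping whitespace and comments. */
function neighbour(array $tokens, int $i, int $step)
{
    for ($i += $step; isset($tokens[$i]); $i += $step) {
        if (!is_array($tokens[$i]) || !in_array($tokens[$i][0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            return $tokens[$i];
        }
    }
    return null;
}

/** @return string[] "path:line" for each call found in one PHP source string */
function sessionStartCalls(string $source, string $path): array
{
    $hits = [];
    $tokens = token_get_all($source);
    foreach ($tokens as $i => $token) {
        // PHP 7 emits T_STRING; PHP 8 emits T_NAME_FULLY_QUALIFIED for \session_start
        if (!is_array($token)
            || !in_array(token_name($token[0]), ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true)
            || strcasecmp(ltrim($token[1], '\\'), 'session_start') !== 0) {
            continue;
        }
        // Skip method calls ($o->session_start(), X::session_start()) and definitions
        $prev = neighbour($tokens, $i, -1);
        $isMember = is_array($prev) && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
        if (!$isMember && neighbour($tokens, $i, 1) === '(') {
            $hits[] = $path . ':' . $token[2];
        }
    }
    return $hits;
}

// Constructed sample: a comment mention, a real call on line 3, and a method call.
$sources = ['sample.php' => "<?php\n// session_start() note\n\\session_start();\n\$o->session_start();\n"];
// Assumption: argument 1, when given, is the extension directory to scan, e.g. typo3conf/ext.
if (isset($argv[1])) {
    $sources = [];
    foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($argv[1])) as $file) {
        if ($file->isFile() && strtolower($file->getExtension()) === 'php') {
            $sources[$file->getPathname()] = (string)file_get_contents($file->getPathname());
        }
    }
}
foreach ($sources as $path => $source) {
    foreach (sessionStartCalls($source, $path) as $hit) {
        echo $hit, PHP_EOL;
    }
}
```

Each reported line is a place where an extension opens a native PHP session; whether that code runs before the Install Tool's SessionService still has to be checked per hit.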

Actions #6

Updated by Oliver Hader over 3 years ago

  • Status changed from New to Needs Feedback
Actions #7

Updated by Christoph Werner over 3 years ago

Hi,
clearing cache might help (did in my case with a TYPO3 9).
Best,
Christoph

Actions #8

Updated by Hannes Strangmeier over 3 years ago

I can confirm that the phpmyadmin-extension can cause this error.

  • 9.5.23 + introduction package -> no error
  • installing phpmyadmin + clearing all caches -> error occurs
  • deinstalling phpmyadmin + clearing all caches -> error is gone
Actions #9

Updated by Rene Tobias over 3 years ago

@Oliver Hader I don't get any response, no logs in typo3 or httpd/php log.

If I turn on debug mode I just get an infinite loop loading this XHR

See screenshot

Actions #10

Updated by Claus Harup over 3 years ago

@Oliver: phpmyadmin is NOT installed and will never be :-)

I have session_start in one of my extensions for some 2 factor SMS AuthenticationService..... - removing that I have no problems.....

Any pointers to get around that issue?

Actions #11

Updated by Oliver Hader over 3 years ago

Just for the records (we talked about these aspects via DM on Slack):

TYPO3-PSA-2020-002 referenced https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Important-92836-IntroduceSudoModeForInstallToolAccessedViaBackend.html

The documentation contains a link to a pull-request in an extension implementing 2FA - see https://github.com/derhansen/sf_yubikey/pull/45/files

The basic idea is, that 2FA authentication only shall intercept the authentication process when it's actually a "login request" to create a new user session. For the scenario with Sudo Mode this session does already exist and shall be verified again.

GitHub uses a similar process when one tries to modify repository settings - when having 2FA at GitHub, they request the password again, but not the 2nd factor verification.

Actions #12

Updated by Oliver Hader over 3 years ago

Rene: Thanks for providing details. It looks like there's a 2FA or remote authentication extension involved which cannot continue. Basically some service registering `auth` sub-service in their `ext_localconf.php` file.

Hannes: Thanks for the feedback. The (from my point of view) relevant change was in https://review.typo3.org/c/Packages/TYPO3.CMS/+/66634/5/typo3/sysext/install/Classes/Service/SessionService.php#100 - before this it just should have issued a 500 HTTP error (which probably was caught and silenced). I'll check with ext:phpmyadmin as well...

Actions #13

Updated by Rene Tobias over 3 years ago

@Oliver, we don't have anything like this :/. The only thing that pops into my mind is that we have this T3 instance behind a reverse proxy, so I tried to upgrade the T3 instance on our DEV server (with no reverse proxy), and everything works OK.

Any idea/tip how to solve this?

Actions #14

Updated by Claus Harup over 3 years ago

Update

I had session_start in a Multi Factor Authentication extension, which caused the problem.
Rewriting my functionality to use database fields instead of $_SESSION solved the problem....

Thx, Oliver Hader

Actions #15

Updated by Oliver Hader over 3 years ago

Rene: That's strange... before introducing the Sudo Mode SessionService already stopped when the SID constant was set (see https://review.typo3.org/c/Packages/TYPO3.CMS/+/66633/8/typo3/sysext/install/Classes/Service/SessionService.php#89). So I guess(!) the problem was there before - but now it's a PHP warning and previously it was an exception which (probably) was handled in some way.

Actions #16

Updated by Oliver Hader over 3 years ago

In general I think it makes sense to reorganize these things again to avoid using PHP sessions here and strive for a more generic approach - see WIP state at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792

Actions #17

Updated by Thomas Oliver Moll over 3 years ago

We experience the same problem on one installation. There phpmyadmin was installed, but removing it did not solve the problem.

We have one additional extension containing "session_start()": VHS. But this is installed in other installations as well that do not show this problem.

After removing phpmyadmin I cleared the cache and dumped the autoloader information. Are there further steps I should take?

Actions #18

Updated by Oliver Hader over 3 years ago

Thomas Oliver Moll wrote in #note-17:

We have one additional extension containing "session_start()": VHS. But this is installed in other installations as well that do not show this problem.

Did you check whether the corresponding view-helper is used in your installation (https://github.com/FluidTYPO3/vhs/blob/21bf3a93218ebfef87db025458c5640e2a1e7196/Classes/ViewHelpers/Once/SessionViewHelper.php) - I'm pretty sure it is. And I'm wondering why VHS is not using TYPO3's session (data) handlers, but using a blunt session_start() anywhere in the application flow, with creating and sending cookie headers in a view...

Actions #19

Updated by Benni Mack over 2 years ago

  • Status changed from Needs Feedback to Closed

Closing this issue due to lack of feedback (and v9 is now in ELTS)

Actions #20

Updated by Oliver Heil over 2 years ago

Adding this information for others which may stumble over this when searching for
"typo3 1476107295: PHP Warning: session_set_save_handler"

I got this error because I had the extension "rsaauth" still activated, despite it being "deprecated".
Deactivating this extension solved this issue for me.
