Bug #92864
closedUpgrading from 9.5.22 to 9.5.23 and get errors on accessing Maintenance Modul
0%
Description
Running on PHP 7.4.11
Accessing the Maintenance modul -> enter my password
PHP Warning: session_set_save_handler(): Cannot change save handler when session is active in /var/www/typo3_source/typo3_src-9.5.23/typo3/sysext/install/Classes/Service/SessionService.php line 82
Accessing the Maintenance modul -> Use Install Tool password instead -> enter IT password -> works
Files
Updated by Claus Harup about 4 years ago
Updated by Rene Tobias about 4 years ago
I have similar problem. I get this: Checking session and executing silent configuration update but notting happens
If i look at network i get: typo3/install.php?install[controller]=layout&install[context]=backend&install[action]=executeSilentConfigurationUpdate&_=1605691062576 status 500
Updated by Oliver Hader about 4 years ago
- Related to Task #92836: Introduce Sudo Mode for Install Tool added
Updated by Oliver Hader about 4 years ago
Claus: My guess: phpMyAdmin is installed, correct? If not, can you please search for session_start
in any of the extensions (probably some external auth service)?
Rene: Can you please share the content of that 500 HTTP error response - e.g some exception stack track?
Thanks!
Updated by Oliver Hader about 4 years ago
- Status changed from New to Needs Feedback
Updated by Christoph Werner about 4 years ago
Hi,
clearing cache might help (did in my case with an TYPO3 9).
Best,
Christoph
Updated by Hannes Strangmeier about 4 years ago
I can confirm that the phpmyadmin-extension can cause this error.
- 9.5.23 + introduction package -> no error
- installing phpmyadmin + clearing all caches -> error occurs
- deinstalling phpmyadmin + clearing all caches -> error is gone
Updated by Rene Tobias about 4 years ago
- File Zajeta slika.JPG Zajeta slika.JPG added
@Oliver Hader i dont get any response, no logs in typo3 or httpd/php log.
If i turn on debug mode i just get infinite loop loading this xhr
See screenshot
Updated by Claus Harup about 4 years ago
@Oliver: phpmyadmin is NOT installed and will never be :-)
I have session_start in one of my extensions for some 2 factor SMS AuthenticationService..... - removing that I have no problems.....
Any pointers to get around that issue?
Updated by Oliver Hader about 4 years ago
Just for the records (we talked about these aspects via DM on Slack):
TYPO3-PSA-2020-002 referenced https://docs.typo3.org/c/typo3/cms-core/master/en-us/Changelog/9.5.x/Important-92836-IntroduceSudoModeForInstallToolAccessedViaBackend.html
The documentation contains a link to a pull-request in an extension implementing 2FA - see https://github.com/derhansen/sf_yubikey/pull/45/files
The basic idea is, that 2FA authentication only shall intercept the authentication process when it's actually a "login request" to create a new user session. For the scenario with Sudo Mode this session does already exist and shall be verified again.
GitHub uses a similar process when one tries to modify repository settings - when having 2FA at GitHub, they request the password again, but not the 2nd factor verification.
Updated by Oliver Hader about 4 years ago
Rene: Thanks for providing details. It looks like there's a 2FA or remote authentication extension involved which cannot continue. Basically some service registering `auth` sub-service in their `ext_localconf.php` file.
Hannes: Thanks for the feedback. The (from my point of view) relevant change was in https://review.typo3.org/c/Packages/TYPO3.CMS/+/66634/5/typo3/sysext/install/Classes/Service/SessionService.php#100 - before this it just should have issue a 500 HTTP error (which probably was caught and silenced). I'll check with ext:phpmyadmin as well...
Updated by Rene Tobias about 4 years ago
@Oliver, we dont have nothing like this :/, only thing that pop in my mind is that we have this T3 instance behind reverseproxy, so i tried to upgrade T3 instance on our DEV server (with no reverseproxy), and everything works ok.
Any idea/tip how to solve this?
Updated by Claus Harup about 4 years ago
Update
I had session_start in a Multi Factor Authentication extension, which caused the problem.
Rewriting my functionality to use database fields instead of $_SESSION solved the the problem....
Thx, Oliver Hader
Updated by Oliver Hader about 4 years ago
Rene: That's strange... before introducing the Sudo Mode SessionService
already stopped when the SID
constant was set (see https://review.typo3.org/c/Packages/TYPO3.CMS/+/66633/8/typo3/sysext/install/Classes/Service/SessionService.php#89). So I guess(!) the problem was there before - but now it's a PHP warning and previously it was an exception which (probably) was handled in some way.
Updated by Oliver Hader about 4 years ago
In general I think it makes sense to reorganize these things again to avoid using PHP sessions here and strive for a more generic approach - see WIP state at https://review.typo3.org/c/Packages/TYPO3.CMS/+/66792
Updated by Thomas Oliver Moll about 4 years ago
we experience the same problem on one installation. There phpmyadmin was installed, but removing it did not solve the Problem.
We have one additional extension containing "session_start()": VHS. Bit this is installed in other installations as well that do not show this problem.
after removing phpmyadmin I cleared the cache and dumped the autoloader information. Are there further steps I should take?
Updated by Oliver Hader about 4 years ago
Thomas Oliver Moll wrote in #note-17:
We have one additional extension containing "session_start()": VHS. Bit this is installed in other installations as well that do not show this problem.
Did you check whether the corresponding view-helper is used in your installation (https://github.com/FluidTYPO3/vhs/blob/21bf3a93218ebfef87db025458c5640e2a1e7196/Classes/ViewHelpers/Once/SessionViewHelper.php) - I'm pretty sure it is. And I'm wondering why VHS is not using TYPO3's session (data) handlers, but using a blunt session_start()
anywhere in the application flow, with creating and sending cookie headers in a view...
Updated by Benni Mack over 3 years ago
- Status changed from Needs Feedback to Closed
Closing this issue due to lack of feedback (and v9 is now in ELTS)
Updated by Oliver Heil over 3 years ago
Adding this information for others which may stumble over this when searching for
"typo3 1476107295: PHP Warning: session_set_save_handler"
I got this error, because I had extension "rsaauth" still activated, despite being "deprecated".
Deactivating this extensions solved this issue for me.