PHP v7.4.8 error message on successful login

rodneys_mission · August 11, 2020, 7:35pm

Describe the problem you’re having:

I see this in the system log:

Message
E_WARNING (2) classes/handler/public.php:683 session_set_cookie_params(): Cannot change session cookie parameters when session is active1. classes/handler/public.php(683): session_set_cookie_params(0)
2. public.php(35): login()

Request URI: /tt-rss/public.php?return={...url snip...}
User agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4229.0 Safari/537.36|

If possible include steps to reproduce the problem:

Open incognito window
Login to tt-rss
Logout of tt-rss
Close incognito window
Open incognito window
Login to tt-rss

Not sure if it takes doing that twice; it seems like logging into tt-rss w/ no cookies set is sufficient. But this is when I see it.

tt-rss version (including git commit id):

commit 2b50aaed6127a2cac3654f1673782f1e52dd7007 (HEAD → master, origin/master, origin/HEAD)

Platform (i.e. Linux distro, PHP, PostgreSQL, etc) versions:

gentoo updated with latest emerge sync. x86_64 Intel(R) Xeon(R) CPU E5-2697 v4 @ 2.30GHz GenuineIntel GNU/Linux

Please provide any additional information below:

I think this is a change in php 7.2; it was always a bug (I think) and it is only now being written to stdout.

$ php -v
PHP 7.4.8 (cli) (built: Aug  3 2020 19:09:41) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.8, Copyright (c), by Zend Technologies

ref: PHP 7.2 Warning: "Cannot change session name when session is active" - Stack Overflow

fox · August 12, 2020, 8:42am

thanks for reporting this; i don’t think this warning is a big deal (other than maybe changing “remember me” not working as intended if cookie already exists?). removing session cookie on logout should take care of it, i think.

e: for me, sid cookie is removed correctly on logout. if no cookie exists before login, session shouldn’t autostart before login method is actually called so i’m kinda not sure how would one run into this warning.

rodneys_mission · August 13, 2020, 2:18am

I always logout so I don’t know why I keep getting these.

I don’t think it is a big issue, but it would be nice to at least silence them. I see the warning icon for recent entries in the system event log almost constantly now. : /

fox · August 13, 2020, 3:29am

you can try deleting the sid cookie manually in developer console, maybe it got stuck somehow (??).

the usual way is adding @ in front of the function (session_set_cookie_params), but it doesn’t always work. try adding it in public.php, if it hides the warning i’ll push this to trunk.

as a different sort of workaround, maybe login form should force delete the session cookie when it shows. i can’t replicate the cookie being stuck though and tbh i very rarely login.

rodneys_mission · August 13, 2020, 4:49pm

I added the @ sign. I’ll let it run for a while and see. I use tt-rss, among other places, on my set top box and so I login often. But I always use incognito mode so that makes this message even more strange.

fox · August 13, 2020, 5:01pm

yeah, if you always use incognito mode (and close the window) then you shouldn’t have any preexisting cookies so session shouldn’t be autostarted before you actually login. i dunno about this, might be a bug somewhere.

rodneys_mission · August 14, 2020, 4:05pm

@ sign seems to have silenced the error for the last day. Filed a PR.