Comments (15)
trac user marcus wrote on 38929356-07-21
There should be nothing that does this; however, you may be falling victim to the elgg_fingerprint in session_init.
from elgg.
trac user marcin wrote on 38940186-03-19
Just to note, while developing a plugin I was able to replicate this problem.
On one page I set $_SESSION['my_var'] = 'dsds';
then, depending on which pages I click next, this var is lost in between.
from elgg.
trac user marcin wrote on 38941658-04-24
I've added
session_write_close();
just after setting SESSION var, and it helped, session var was persisted.
The var seems to be lost somewhere in these functions:
elgg_view_title
elgg_view
elgg_view_layout
page_draw
What is funny, though, is that it was only missing for specific content. In my case it couldn't save 233 int; other ints like 18, 188, 114 were saved with no problem, really strange.
from elgg.
trac user marcus wrote on 38999856-07-20
To be clear, specific content is getting wiped? What variable names are you using?
from elgg.
trac user staticred wrote on 39016187-11-30
Define "content". No site content as I'd describe it (ie: data written to the screen) is affected. This affects only the $_SESSION variable.
To be more specific, the CAS authentication plugin works along the following lines. First, in order to interface with the external CAS server, a php library (phpCAS) is imported into the Elgg plugin. This library acts somewhat like a proxy for CAS authentication, checking the user against the CAS server and either passing them through to the CAS server for authentication (which returns the user back to the Elgg plugin) or reading the preexisting CAS authentication data from a cookie.
The phpCAS library makes use of an array stored in $_SESSION['phpcas'] to track the user's authentication status. Enumerating the contents of $_SESSION in both the Elgg plugin and within engine/lib/sessions.php shows that the $_SESSION['phpcas'] is missing. The same test outside of Elgg 1.x shows the $_SESSION['phpcas'] set.
from elgg.
trac user marcus wrote on 39027486-09-10
What I meant by "content" was referring to marcin, basically I wanted to clarify the behaviour that a $_SESSION variable was being deleted depending on the specific content inside.
from elgg.
trac user marcin wrote on 39037346-06-26
Hi marcus,
this is a piece of code from
groupprofile.php
...
set_page_owner($group_guid);
if ($group_guid > 0) {
    $_SESSION['falcon_ref'] = $group_guid;
} else {
    $_SESSION['falcon_ref'] = 0;
}
// reassure that it is saved - this data was lost so we needed to save session here
session_write_close();
...
The problem appears when I visit the group profile page (which should save the group guid int) and then go to blogs, for instance. $_SESSION['falcon_ref'] is no longer there; surprisingly, for some values it is persisted.
Unfortunately I didn't save the svn ver number of elgg which I was using then.
Saludos
Marcin
from elgg.
Attachment added by trac user staticred on 39038464-06-29: cas_auth.zip
from elgg.
trac user staticred wrote on 39038465-12-25
To help move this forward, I've attached the source for the CAS module.
from elgg.
trac user marcus wrote on 39065158-09-16
(In [svn:2605]) Refs #562: Configuration flag to disable database sessions.
from elgg.
trac user marcus wrote on 39065161-10-24
You could try updating to latest SVN and seeing if setting $CONFIG->use_file_sessions = true in settings.php makes any difference.
This flag disables database sessions which is the one major change elgg makes to session handling code.
from elgg.
trac user staticred wrote on 39065632-12-28
No difference with the latest version in the subversion trunk. The session data from CAS is still destroyed with $CONFIG->use_file_sessions = true set.
from elgg.
trac user staticred wrote on 39194278-11-05
To move this ahead a little further, it now appears that this might not be a session issue, but rather an issue of the ?ticket parameter being lost in the actions handler (when it is redirecting from /action/cas_auth/login to /mod/cas_auth/login.php). Here's debug output from the phpCAS module, which shows the ?ticket query parameter being lost somewhere between the time the CAS server returns from authentication and it arrives at the login.php file. The CAS server returns the user to http://elggsite/elgg15/action/cas_auth/login?ticket=ST-67278-NOiaHXkSfzzcsHQh2a5k. However, you can see in the phpCAS debug information that ?ticket=<...> is lost by the time it gets to login.php. I've added extra trace() calls to phpCAS to try and figure this out.
F265 .START ****************** [CAS.php:398]
F265 .=> phpCAS::client('2.0', 'secure3.athabascau.ca', 443, '/cas', false) [lib.php:21]
F265 .| => CASClient::CASClient('2.0', false, 'secure3.athabascau.ca', 443, '/cas', false) [CAS.php:299]
F265 .| <= ''
F265 .<= ''
F265 .=> phpCAS::forceAuthentication() [lib.php:26]
F265 .| => CASClient::forceAuthentication() [CAS.php:895]
F265 .| | Session: Elgg [client.php:626]
F265 .| | session data: 4 [client.php:627]
F265 .| | __elgg_fingerprint: 156710a08757b190ebc250830a7db77d [client.php:629]
F265 .| | __elgg_session: 52253f8083309ace056c5689c74db72f [client.php:629]
F265 .| | view: default [client.php:629]
F265 .| | msg: Array [client.php:629]
F265 .| | => CASClient::isAuthenticated() [client.php:631]
F265 .| | | Entering isAuthenticated [client.php:733]
F265 .| | | => CASClient::wasPreviouslyAuthenticated() [client.php:737]
F265 .| | | | no user found [client.php:841]
F265 .| | | <= false
F265 .| | | no ticket found [client.php:771]
F265 .| | <= false
F265 .| | Session not authenticated. [client.php:637]
F265 .| | => CASClient::redirectToCas(false) [client.php:639]
F265 .| | | => CASClient::getServerLoginURL(false) [client.php:858]
F265 .| | | | => CASClient::getURL() [client.php:330]
F265 .| | | | | CGI Params: http://localhost/elgg15/action/cas_auth/login [client.php:2005]
F265 .| | | | <= 'http://localhost/elgg15/action/cas_auth/login'
F265 .| | | <= 'https://secure3.athabascau.ca:443/cas/login?service=http%3A%2F%2Flocalhost%2Felgg15%2Faction%2Fcas_auth%2Flogin'
F265 .| | | exit()
F265 .| | | -
F265 .| | -
F265 .| -
from elgg.
trac user staticred wrote on 39194531-08-17
Solution found - posting here for reference.
The problem was due to Elgg moving the additional query parameters into the $vals array. The fix for this specific problem was to place
$_REQUEST['ticket'] = $vals[1];
into the start of the login.php file so that phpCAS could find the query parameter.
from elgg.
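A more defensive form of the fix described in the comment above, as an added example that is not part of the original thread and is not Elgg or phpCAS code: the value is checked against the CAS ticket character set before it is copied into the request. The function names and the position of the ticket at index 1 of `$vals` are assumptions.

```php
<?php
// Added example: the function names below are hypothetical, not Elgg or phpCAS API.

/**
 * Return $candidate if it has the shape of a CAS service or proxy ticket,
 * otherwise null. CAS tickets use only A-Z, a-z, 0-9 and '-'; service
 * tickets begin "ST-", proxy tickets "PT-". The 256-character ceiling is
 * this example's own limit.
 */
function cas_ticket_or_null($candidate): ?string
{
    if (!is_string($candidate) || strlen($candidate) > 256) {
        return null;
    }
    return preg_match('/\A[SP]T-[A-Za-z0-9-]+\z/', $candidate) === 1
        ? $candidate
        : null;
}

/**
 * Copy the ticket back into the request array only when the request does
 * not already carry one and the handler-supplied value passes validation.
 * Assumption: $vals is the array the thread says Elgg moved the extra
 * query parameters into, with the ticket at index 1.
 */
function restore_cas_ticket(array $vals, array $request): array
{
    if (isset($request['ticket'])) {
        return $request;
    }
    $ticket = cas_ticket_or_null($vals[1] ?? null);
    if ($ticket !== null) {
        $request['ticket'] = $ticket;
    }
    return $request;
}

// Constructed sample input, modelled on the ticket shape quoted in the thread.
$vals = [0 => 'login', 1 => 'ST-12345-ExampleTicketValue'];
$_REQUEST = restore_cas_ticket($vals, $_REQUEST);

// Constructed malformed value: it fails validation, so no 'ticket' key is set.
$rejected = restore_cas_ticket([1 => 'ST-12345 not a ticket'], []);
var_dump(isset($_REQUEST['ticket']), isset($rejected['ticket']));
```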
trac user marcus wrote on 39344508-11-29
Closed as this appears to be an isolated issue with one use case rather than a systemic problem.
from elgg.