auraphp / aura.session

Tools for managing sessions, including session segments and read-once messages

Home Page: https://packagist.org/packages/aura/session

License: MIT License

PHP 100.00%
session-segment php flash csrf aura session

aura.session's Issues

unit tests failing?

Both develop-2 and master are showing 16 errors with phpunit run under the console under either PHP 5.3 or 5.4. Are you aware of this issue?

There were 16 errors:

1) Aura\Session\CsrfTokenTest::testLaziness

session_start(): Cannot send session cookie - headers already sent by (output started at C:\workspace\test\Aura.Session\tests\phpunit.phar:2)

... (more like this) ...

FAILURES!
Tests: 32, Assertions: 34, Errors: 16.

I'm not even sure how headers could be "sent" when it's running under a console?

Perhaps the phpunit configuration needs to be configured to suppress the message or output (or whatever) if that's what's causing output to start - or maybe you need to wrap the test suite in ob_start() and ob_get_clean() to avoid output starting or something?

A session is active. You cannot change the session module's ini settings at this time

Hi,

I get this error message regularly (be it ajax calls or inside Twig templates):
A session is active. You cannot change the session module's ini settings at this time

I noticed you talk about it in the sessionStatus() phpDoc, but I don't understand what you explain.

Why do I keep getting this error? What should I do to prevent it?

Thank you,

Access Session from Different Domains

I thought this would be simple but I can't seem to figure out exactly how to make this work.

I have created a simple api which stores a user's email in an Aura Session on one domain. Let's call that domain login.domain.com
On multiple other sites I am trying to make a POST to that domain to retrieve the user's email that is logged in, but because they are all different domains making the call, I need to somehow resume the session that is started on login.domain.com.

I tried to pass the session id into the session in various ways but it doesn't seem to work. Is there a way to pass a known session id into Aura to reconnect to an active session? Given that I have the session id I think it should be possible to do; I just can't seem to find the correct function to call, or the correct order to call it in.

Flash never getting expired

Once you set a flash and retrieve the flash, the message is still not expiring (v2).

$segment = $session->getSegment('Cocoframework\Example\ContactResponder');
$segment->setFlashNow('message', 'Thank you!. Someone will shortly get in touch with you!');
echo $session->getSegment('Cocoframework\Example\ContactResponder')->getFlash('message');

Releases

Hi Paul,

Could you please tag session, since it has fixed some issues? Also, there are Di and Sql, for which people have been looking for releases.

Latest stable release?

I have been using the latest release via Composer (2.1.0) in some projects pretty smoothly (thanks!), but I noticed there are newer branches 3.x and 4.x here. What is the latest stable branch and will there be a new Composer release for it? Presuming those branches are stable, is there documentation for migrating from 2.x?

(Originally published at: https://gregorlove.com/2023/01/latest-stable-release/)

Ability to set a TTL on a Segment

The idea is to be able to set a different expiration time for each segment, so that it is possible to let the authentication information expire (for example) without losing the content of other Segments.

What do you think about that feature request?

Difference between versions and branches

Hello.

I noticed that develop and master branch differ by their composer. But the tagged version 1.0 is even more different?

Which one is more stable and more awesome to use?

Store arrays

Hi there,

Is the library supposed to work if I store arrays into the session?

Example:

$segment = $session->newSegment('Vendor\Package\ClassName');

$segment->foo = [
    'test'
];

Right now I'm not having luck with this, but I'm not sure I'm doing everything correctly. So is that supposed to work?

Thanks

aura session segment error

https://prnt.sc/17mxepl

I can't find the reason why I am getting an error on this line while coding in my project, whereas my software engineer did the same thing and worked on it, but it didn't work for me and I couldn't find a solution. What exactly he meant here, what is the error, how can I fix it?

4.x branch

@harikt @pmjones

I've created a PR based on 3.x that supports PHP 7.2 to 8.1. #75

I would like to create branch 4.x, however, there are still PRs that have not been merged. What should I do? Do we merge them and then create 4.x?

SessionHeadersHandler and session.use_cookies issue

I'm having a problem where subsequent session_start() is always regenerating the session id. I narrowed it down to it (apparently) not reading from PHPSESSID when session.use_cookies is false, even if session.use_only_cookies is true. I'm guessing there was a change since you wrote the article back in April, and/or you were on a different version? http://paul-m-jones.com/archives/6310

I'm on version 7.0.13 using the built in server for testing. Do you know if this is a limitation of the built in server, changed with later versions, can you confirm it actually used to work in the past?

Future of this project

What is the future of this project? In my opinion, it is feature complete and only needs to have the latest versions of PHP (7.3, 7.4 & 8.0 as of this writing) tested via travis or Github Actions to ensure it continues to work with the currently supported version of PHP. Will anyone be updating the CI tests for this project?

Can not set the session_name or session_params with PHP 7.2

I cannot set the session_name or session_param.

'session_set_cookie_params(): Cannot change session cookie parameters when session is active' in '\library\Aura\Session\Phpfunc.php' line 33

I think session_set_cookie_params has to be called before creating the instance?

I have seen that the project has not been updated for 2 years. Is there another library that is up to date?

With regards,
Andy

getFlash doesn't fetch flash session data set via setFlash in previous request

Segment.php
Perhaps, I asked the wrong question. But when I set some data with setFlash on a request which, supposedly, meant to be utilised in the next request (only), I receive a NULL on getFlash call - which shouldn't be the case.

Is it only meant to be utilised in the similar request?

PS: Please check my pull request regarding the same. I'm using this library with Slim - microframework for PHP

Thank you

Questions

Hi,

I am using Aura and I have many questions:

1 - Can I set the entropy of the cookie value?
2 - Can I set the method of hashing the value?
3 - Can I get an instance of the session to check if it exists?
4 - When I get the csrf token, it generates a new token and new session but it doesn't have a first token generated

Session lifetime is ignored

This is what I do. Am I using Aura wrong? The lifetime doesn't seem to go beyond 1hr, no matter what I do. It feels like I'm using it wrong, based on this lifetime issue that I'm having. Though, I did follow the documentation to the best of my knowledge.

Initiate session when needed:

public function session() {
	if (!isset($this->_session)) {
		$session_factory = new SessionFactory;
		$this->_session = $session_factory->newInstance($_COOKIE);
		$this->_session->resume();
	}
	return $this->_session;
}

Trying to set a session w/ lifetime in the login action:

if (login($email, $password)) {
	$this->session()->setCookieParams(array(
		'lifetime' => (
			// for instance, two days.
			60*60*24*2
		),
		'path' => '/',
	));

	$segment = $this->session()->getSegment('MyProject');
	$segment->set('identity', '…');

	// don't know if this is necessary.
	$this->session()->commit();

	// redirect …
}

Load stored value from session on next page request:

// load user from session, if any.
$segment = $this->session()->getSegment('MyProject');
$user_id = $segment->get('identity');

The identity value is stored, but it gets automatically cleared after (I think) one hour – neither after two days, nor upon restarting the browser.

  • PHP version 7.2.19-0ubuntu0.18.04.2
  • Apache/2.4.29 (Ubuntu)
  • aura/session 2.1.0 (installed via Composer)

If I dump the session.cookie_lifetime value at various places, I can see that it is indeed set right before the redirect, but then 0 again on the next page request. I'm not really sure if all the other session variables are set properly … I'm not very familiar with session management.

session.auto_start	Off
session.cache_expire	180
session.cache_limiter	nocache
session.cookie_domain	no value
session.cookie_httponly	no value
session.cookie_lifetime	0
session.cookie_path	/
session.cookie_secure	0
session.gc_divisor	1000
session.gc_maxlifetime	1440
session.gc_probability	0
session.lazy_write	On
session.name		PHPSESSID
session.referer_check	no value
session.save_handler	files
session.save_path	/var/lib/php/sessions

session.serialize_handler		php
session.sid_length			26
session.upload_progress.cleanup		On
session.upload_progress.enabled		On
session.sid_bits_per_character		5
session.upload_progress.freq		1%
session.upload_progress.min_freq	1
session.upload_progress.name		PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix		upload_progress_

session.use_cookies		1
session.use_only_cookies	1
session.use_strict_mode		0
session.use_trans_sid		0

Can someone please teach me how to use Aura correctly?

Move interfaces

Hi all,

I forgot we have an issue, auraphp/Aura.Auth#86.

Looking at Auth, I noticed 4.x has already been released.

My bad, I didn't notice it. But probably for session we can separate the interface into a different repo.

Flash messages not working in MVC layout?

I can get the flash messages working fine on plain PHP pages but when I try to use it in an MVC style setup, it doesn't work anymore. The set() and get() Session methods work fine though.

I thought maybe my MVC layout is the problem but I tried other flash message packages such as slim/flash and it works fine.

Anybody else having issues with flash messages?

Btw, the README doc doesn't seem to be updated, it says:

We can do so on a per-segment basis by calling the Segment keepFlash() method, or we can keep all flashes for all segments by calling the Session keepFlash() method.

But there seems to be no keepFlash() method in the Session object.

Cookie Params

Hi.

Can anyone explain why my cookie parameters are being reset whenever I do a redirect or navigate to a new page? Apologies if I am doing something wrong here. So I start with the following:

index.php

require_once("autoload.php");

$session_factory = new \Aura\Session\SessionFactory;
$session = $session_factory->newInstance($_COOKIE);
$session->setCookieParams(array('lifetime' => '10','httponly' => true));
$segment = $session->getSegment('Vendor\Package\ClassName');
$segment->set('username', 'new person');
$segment->set('usertype', 'enduser');

header('Location: welcome.php');
exit(0);

When I var_dump $session on index.php I get the following for the cookie params:

...
["cookie_params":protected]=>
  array(5) {
    ["lifetime"]=>
    string(2) "10"
    ["path"]=>
    string(1) "/"
    ["domain"]=>
    string(0) ""
    ["secure"]=>
    bool(false)
    ["httponly"]=>
    bool(true)
  }
...

welcome.php

require_once("autoload.php");

$session_factory = new \Aura\Session\SessionFactory;
$session = $session_factory->newInstance($_COOKIE);
$segment = $session->getSegment('Vendor\Package\ClassName');

When I var_dump $session on welcome.php I get the following for the cookie params:

....
["cookie_params":protected]=>
  array(5) {
    ["lifetime"]=>
    int(0)
    ["path"]=>
    string(1) "/"
    ["domain"]=>
    string(0) ""
    ["secure"]=>
    bool(false)
    ["httponly"]=>
    bool(false)
  }
....

Any insight on this?
Thanks
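
An added example, not taken from either report and not Aura.Session code: a PHP check that audits session ini values (here the ones listed in the "Session lifetime is ignored" report) against the lifetime an application intends, which also bears on the cookie parameters shown in this report. The helper name auditSessionIni() and the two-day target are assumptions made for illustration.

```php
<?php
// Added example, not Aura.Session code. auditSessionIni() is a hypothetical helper.
// Returns findings for session ini values that conflict with an intended lifetime
// or leave the session cookie weakly protected.
function auditSessionIni(array $ini, $wantedLifetime)
{
    $on = function ($key) use ($ini) {
        $v = strtolower((string) (isset($ini[$key]) ? $ini[$key] : ''));
        return in_array($v, array('1', 'on', 'true', 'yes'), true);
    };
    $findings = array();

    // 0 means the cookie lasts only until the browser is closed. A value set with
    // session_set_cookie_params() applies to the current script only, so later
    // requests fall back to this ini value unless they set it again.
    $cookie = (int) $ini['session.cookie_lifetime'];
    if ($cookie !== $wantedLifetime) {
        $findings[] = "cookie_lifetime={$cookie}s, intended {$wantedLifetime}s";
    }
    // Stored session data older than gc_maxlifetime may be garbage-collected,
    // whatever lifetime the cookie carries.
    $gc = (int) $ini['session.gc_maxlifetime'];
    if ($gc < $wantedLifetime) {
        $findings[] = "gc_maxlifetime={$gc}s is shorter than intended {$wantedLifetime}s";
    }
    if (!$on('session.cookie_httponly')) {
        $findings[] = 'cookie_httponly off: session cookie readable from JavaScript';
    }
    if (!$on('session.cookie_secure')) {
        $findings[] = 'cookie_secure off: session cookie also sent over plain HTTP';
    }
    if (!$on('session.use_strict_mode')) {
        $findings[] = 'use_strict_mode off: uninitialized client-supplied session ids are accepted';
    }
    return $findings;
}

// Values copied from the ini listing in the "Session lifetime is ignored" report.
$posted = array(
    'session.cookie_lifetime' => '0',
    'session.gc_maxlifetime'  => '1440',
    'session.cookie_httponly' => 'no value',
    'session.cookie_secure'   => '0',
    'session.use_strict_mode' => '0',
);
foreach (auditSessionIni($posted, 60 * 60 * 24 * 2) as $finding) {
    echo "- {$finding}\n";
}
```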

Feature Request - getOnce?

Is there the possibility we could get a getOnce function as we've dealt with a few applications that we want to use setFlash for - but sometimes there are redirects going on, which mean the flash is lost.

What we find ourselves doing is

$previousConfiguration = Su::$session->get('previousConfiguration', false);

if( $previousConfiguration ){
    Su::$session->set('previousConfiguration', false);
}

What would be great is if this functionality could be added by default, e.g.

$session->getOnce('previousConfiguration', false);

Which then unsets the value after it's been used?

Many thanks for your time and effort in the project :)

Cookie encryption / decryption

Hi Paul,

I am wondering what will be the best way to encrypt the data of cookies. Do you have any idea?

I know a few frameworks (Slim) that do encryption with mcrypt.

Add remember me functionality

Hi Paul,

I feel session should have the remember-me functionality rather than Auth.

It seems to me that saving the cookie is the functionality of session.

What do you think?

Flash message type

Flash messages can be of type info, error etc.

I haven't looked into the code to see how to make it. Just for a future remembrance.

Serialize ? A question from irc

Hi @pmjones,

FYI, there was a question from @brandonsavage in IRC:

I'm having some issues with the session handler.
15:39   brandonsavage   It doesn't actually seem to save things.
15:42   brandonsavage   harikt: Any thoughts?
15:46   harikt  brandonsavage, are you doing commit ? else it will not save https://github.com/auraphp/Aura.Session#session-security
15:46   brandonsavage   harikt: Yep, doing the commit.
15:46   harikt  hm, no idea.
15:47   harikt  Do you have somecode so I can try ?
15:48   brandonsavage   harikt: Oh, I see my problem.
15:48   brandonsavage   I saved an object to the session
15:48   brandonsavage   And you can't do that.
15:49   brandonsavage   I was hoping that Aura.Session would be smart enough to iterate, and serialize arrays/objects.

Flash values not on segments

Hi Paul,

I was recalling a message to the groups: flash messages will be removed on next load whether they are displayed or not.

That gives me the feeling that we probably don't need to get the segment to set the flash message.

Packagist Hook

I have added it to Packagist.

Please add the hook :)

Thanks
