Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apache virtual() failures with session module #17655

Open
bukka opened this issue Jan 31, 2025 · 2 comments
Open

Apache virtual() failures with session module #17655

bukka opened this issue Jan 31, 2025 · 2 comments
Labels
Bug Extension: session SAPI: apache2handler

Comments

@bukka
Copy link
Member

bukka commented Jan 31, 2025

Description

This is taken from the note in docs: https://www.php.net/manual/en/function.virtual.php#124597

Starting with 7.2 various session related things were changed and it seems part of it is conflicting with virtual(). Calling it you may receive a "PHP Warning: virtual(): Headers already sent. You cannot change the session module's ini settings at this time in ..." although no header was set and virtual() should simply provide static content from a file.

It took half a day to find out that some main session.configuration.php settings (e.g. save_handler, serialize_handler, or save_path) in the Apache config (all levels) are causing this. It seems the settings are regarded as likely to change headers but virtual() is already beyond sending them. Unfortunately the warning is then not only logged to error_log but also part of the content virtual() sends to the client which screws it up - the format of the content like binary image data is no more correct.

If you do not need php's session management you can remove all session.* settings in your apache configuration to avoid the warning. Otherwise a workaround is to switch off E_WARNING before calling virtual().

<?php
$filename = '/data/image.jpg';
$level = error_reporting();
error_reporting($level & ~E_WARNING); 
virtual($filename);
error_reporting($level);
?>

This will be most likely related sharing of globals and will require some restoring of parent globals like. It needs more checking if it's just for SG(headers_sent) or some session globals as well. In general, there are likely more issue with re-using globals in this way so this might probably need some deeper review. I guess it would be still worth to fix the session specific issues and do a bit more testing to see if more generic approach makes sense.

PHP Version

PHP 8.3+

Operating System

No response
@bukka
Copy link
Member Author

bukka commented Jan 31, 2025

This is in some way related to #17653 (just in terms of general globals sharing problem)

@bukka
Copy link
Member Author

bukka commented Jan 31, 2025

This is also related to https://bugs.php.net/bug.php?id=80558

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug Extension: session SAPI: apache2handler
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bukka