[dev] Session issues since php 7.2

[Ralf Lang]

Hi,

if I understand http_login script correctly, it assumes if you got
behind the http-level auth using the auth header, the supplied auth_user
and auth_pw must be valid to login in.

This is similar to using the auto driver and providing
$_SERVER['PHP_AUTH_USER'] as username,
$_SERVER['PHP_AUTH_PW'] as password.

Do you experience the same issues in a lab environment using the
original, unmodified http_login?


Am 10.01.19 um 15:50 schrieb SSRI:
>
> Hi,
>
> Using latest Horde Groupware Webmail Edition 5.2.22 and migrate from
> php 7.1 to 7.2, we've got these errors using an alternate login method
> similar to http_login ( pear/data/horde/scripts/http_login.php ):
>
> HORDE PHP ERROR: ini_set(): A session is active. You cannot change the
> session module's ini settings at this time [pid 14203 on line 159 of
> "/usr/share/horde/pear/php/Horde/Session.php"]
> HORDE PHP ERROR: session_set_cookie_params(): Cannot change session
> cookie parameters when session is active [pid 14203 on line 175 of
> "/usr/share/horde/pear/php/Horde/Session.php"]
> HORDE PHP ERROR: session_cache_limiter(): Cannot change cache limiter
> when session is active [pid 14203 on line 177 of
> "/usr/share/horde/pear/php/Horde/Session.php"]
> HORDE PHP ERROR: session_name(): Cannot change session name when
> session is active [pid 14203 on line 178 of
> "/usr/share/horde/pear/php/Horde/Session.php"]
>
> Is this related to https://bugs.php.net/bug.php?id=76358 ?
>
> We have added this to the following bug report: 
> https://bugs.horde.org/ticket/14777
>
> Regards.
>
> System Administration
> IT Services
> Panthéon-Assas University ( Paris 2 )
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pEpkey.asc
Type: application/pgp-keys
Size: 1757 bytes
Desc: not available
URL: <https://lists.horde.org/archives/dev/attachments/20190111/c1d0daf0/attachment.bin>