[dev] Session issues since php 7.2

SSRI ssri_abo at u-paris2.fr
Fri Jan 11 14:26:26 UTC 2019


Hi,

>>>
>>> if I understand http_login script correctly, it assumes if you got
>>> behind the http-level auth using the auth header, the supplied auth_user
>>> and auth_pw must be valid to login in.
>>>
>>> This is similar to using the auto driver and providing
>>> $_SERVER['PHP_AUTH_USER'] as username,
>>> $_SERVER['PHP_AUTH_PW'] as password.
>>>
>>> Do you experience the same issues in a lab environment using the
>>> original, unmodified http_login?
>>>
>>
>> No. Unmodified http_login works fine ( using it as alternate login ).
>>
>> Moved Horde_Registry::appInit piece of code at the beginning of
>> customized alternate login page ( before code retrieving credentials )
>> and works fine now.
>>
>> Never had issue with previous Horde_Registry::appInit location inside
>> customize code. Do you think this could come from PHP 7.2 that
>> introduced some changes in session handling ?
>>
>>>
> Can't rule this out without looking deeper into it. Are you using the
> default php session handler or some other backend?

Using Builtin sessionhandler  ( Our PHP Session Handler is currently  
memcached , testing with file-based makes no difference ).


More information about the dev mailing list