Support » Plugin: WP Session Manager » PHP 7.2 Warning

  • Resolved Mikhail Alferov

    (@malferov)


    Hi!

    I switched the site to PHP 7.2 and receive a warning in the logs:

    PHP Warning: session_set_save_handler(): Cannot change save handler when session is active in /home/…/wp-content/plugins/wp-session-manager/vendor/ericmann/sessionz/php/Manager.php on line 133

    There was no such warning in PHP 7.1.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Maybe like this?

    if ( !isset($_SESSION) ) session_set_save_handler($manager);

    Plugin Author Eric Mann

    (@ericmann)

    This is definitely something we should fix => I’m opening a bug report on the GitHub project for tracking.

    Unfortunately, your proposed solution to check whether or not $_SESSION is set first will … break things. We need to set the session save handler before using the session at all in order for it to save to the right place. If your site is setting up a session before we’ve set the save handler, you won’t end up using the plugin’s custom storage in the first place.

    In any case, marking this as “resolved” for now because it’s more than likely your theme (or another plugin) that’s setting the session up early. That being said, I’ll queue things up to see if we can be more defensive around setting things up moving forward.

    I go this output if this helps you, thank you Eric!

    FILE: /wp-content/plugins/wp-session-manager/vendor/paragonie/random_compat/lib/byte_safe_strings.php
    ———————————————————————————————————————————
    FOUND 0 ERRORS AND 2 WARNINGS AFFECTING 2 LINES
    ———————————————————————————————————————————
    33 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
    87 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
    ———————————————————————————————————————————

    FILE: /wp-content/plugins/wp-session-manager/vendor/paragonie/random_compat/lib/random_bytes_mcrypt.php
    ——————————————————————————————————————————————————
    FOUND 3 ERRORS AFFECTING 1 LINE
    ——————————————————————————————————————————————————
    60 | ERROR | Extension ‘mcrypt’ is deprecated since PHP 7.1 and removed since PHP 7.2; Use openssl (preferred) or pecl/mcrypt once available instead
    60 | ERROR | Function mcrypt_create_iv() is deprecated since PHP 7.1 and removed since PHP 7.2; Use random_bytes() or OpenSSL instead
    60 | ERROR | The constant “MCRYPT_DEV_URANDOM” is deprecated since PHP 7.1 and removed since PHP 7.2
    ——————————————————————————————————————————————————

    FILE: /wp-content/plugins/wp-session-manager/vendor/defuse/php-encryption/src/Core.php
    ——————————————————————————————————————
    FOUND 0 ERRORS AND 4 WARNINGS AFFECTING 2 LINES
    ——————————————————————————————————————
    282 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
    282 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
    308 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
    308 | WARNING | INI directive ‘mbstring.func_overload’ is deprecated since PHP 7.2
    ——————————————————————————————————————

    Plugin Author Eric Mann

    (@ericmann)

    @asantos23 This conversation was already resolved as it was fixed in a different release. <i>Next time</i> please open a separate thread so everyone can see it. That being said, let me explain a few of these …

    * random_compat

    This is a library that provides true random number support for older versions of PHP. On modern versions (i.e. 7+) it’s unnecessary as the random number generators are native. It’s included here as a dependency of the defuse/php-encryption library.

    This is a polyfill, meaning it’s built in such a way that it’s not even used if you’re on the right version of PHP – it’s only actually loaded if you’re on old PHP and lack native support.

    Note also that WordPress ships this library as part of core as well, so your site is already running it 😉

    * defuse/php-encryption

    This library is used to encrypt sessions at rest and provides a wrapper around common encryption functionality in PHP. If you’re not encryption sessions – though you should be – it won’t do anything.

    * Deprecation warnings

    These won’t break your site. They’re a consequence of the plugin supporting older versions of PHP and necessarily including libraries that provide backwards-compatibility support. I will eventually be removing them when I bump the minimum version to 7.2 … but that’s a ways out.

    * Deprecation errors

    These errors – the removal of the mcrypt extension as of PHP 7.2 – are known. They’re why the random-compat library is included at all. Older versions of PHP that lacked a true random number generator used mcrypt to generate random values. Modern PHP uses a native interface and the library doesn’t even try to load the extension.

    In summary: static code sniffing is giving you some false positive errors here.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘PHP 7.2 Warning’ is closed to new replies.