White screen when session times out

Bug #1495200 reported by Robert Lyon
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | High | Unassigned |
1.10 | Fix Released | High | Unassigned |
1.9 | Fix Released | High | Unassigned |
15.04 | Fix Released | High | Unassigned |
16.04 | Fix Released | High | Unassigned |

Bug Description

Issue with 15.10

If you are logged into Mahara and leave the site open in a browser for some time, when you come back and try to navigate somewhere you can end up with a white blank screen. On refresh of the page all works fine.

The problem is this:
PHP Fatal error: auth_generate_login_form(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Pieform" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /home/robertl/htdocs/mahara-devel/mahara/htdocs/auth/lib.php on line 1945

Which deals with the line:
return get_login_form_js($SESSION->loginform->build());

In earlier Mahara you would instead be given (via js) a popup login box.

Tags: regression
Robert Lyon (robertl-9) wrote :

From what I have read the problem seems to be this:

The automatic $_SESSION serialization/unserialization occurs when you call session_start().
That means the order in which you include your files and call the session_start() is very important.

E.g.:

BAD:
session_start();
require_once('pieforms/pieform.php');

GOOD:
require_once('pieforms/pieform.php');
session_start();

One possible solution is to use session_write_close(), then session_start().

Aaron Wells (u-aaronw) wrote :

The root of this problem is that we're serializing the login Pieform object and storing it in the session. This was done in this patch: https://reviews.mahara.org/#/c/2980/5/htdocs/auth/lib.php

Since that patch was added in Mahara 1.9, this problem is probably present in all versions of Mahara since then.

Probably, what we should be doing is *not* serializing the entire login form object, but just portions of it that are made out of PHP primitives (strings, arrays, etc).

tags: added: regression
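
An added example (not from the bug report or from Mahara's code) reproducing the load-order failure described in the two comments above and the primitives-only alternative. `LoginFormStub`, `load_form_class()` and `is_incomplete()` are hypothetical stand-ins, the stored string is a constructed sample, and PHP 7.0+ is assumed for the `allowed_classes` option.

```php
<?php
// Constructed sample: a session value written by an earlier request that had
// the class loaded. LoginFormStub is a hypothetical stand-in for Pieform.
$stored = 'O:13:"LoginFormStub":1:{s:4:"name";s:5:"login";}';

// Stands in for require_once('pieforms/pieform.php'): the class exists only
// after this function has run.
function load_form_class() {
    if (!class_exists('LoginFormStub', false)) {
        class LoginFormStub {
            public $name;
            public function build() {
                return '<form name="' . $this->name . '">';
            }
        }
    }
}

// True when unserialize() could not find the class and fell back to the
// placeholder type; calling a method on such a value is a fatal error.
function is_incomplete($value) {
    return $value instanceof __PHP_Incomplete_Class;
}

// BAD order: the data is unserialized (as session_start() does) before the
// class definition is available.
$early = unserialize($stored);
var_dump(is_incomplete($early));

// GOOD order: definition first, then unserialize.
load_form_class();
$late = unserialize($stored);
var_dump(is_incomplete($late));
echo $late->build(), "\n";

// Primitives only: keep an array in the session and rebuild the object on
// each request, so load order no longer matters. allowed_classes => false
// also stops unserialize() from instantiating any class from stored data.
$primitive = serialize(['name' => 'login']);
$data = unserialize($primitive, ['allowed_classes' => false]);
$form = new LoginFormStub();
$form->name = $data['name'];
echo $form->build(), "\n";
```

Checking with `is_incomplete()` before calling a method lets the caller fall back to rebuilding the form instead of failing with a blank page.
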
Aaron Wells (u-aaronw) wrote :

On further testing, this is not a problem until Mahara 15.10. In 1.9 and 1.10, the system works as expected (although it does generate a PHP warning message about an undefined variable).

To replicate:

1. Add this to your config.php file, to set session timeout to 10 seconds: $cfg->session_timeout = 10;
2. Log in to Mahara
3. Count to 10
4. Click on the "Dashboard" link again

Expected result: You should be redirected to the login screen and see "Please login again"
Actual result: You get a white screen from Mahara crashing fatally. This is the error stack in the logs:

Fatal error: auth_generate_login_form(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition "Pieform" of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in htdocs/auth/lib.php on line 1944

1. {main}() htdocs/index.php:0
2. smarty() htdocs/index.php:88
3. auth_generate_login_form() htdocs/lib/web.php:703

no longer affects: mahara/1.9
no longer affects: mahara/1.10
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "15.04_STABLE" branch: https://reviews.mahara.org/5407

Aaron Wells (u-aaronw) wrote :

On further inspection, it doesn't look like there's any need for that particular form object to be cached in the session at all. Maybe this was just an oversight from an earlier point in the development of Jono's patch.

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/5407
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/aee374c0aa5d89cadba50a2eff2891af4ee751c0
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.04_STABLE

commit aee374c0aa5d89cadba50a2eff2891af4ee751c0
Author: Aaron Wells <email address hidden>
Date: Wed Sep 30 17:15:49 2015 +1300

Remove unnecessary cached form from the session

Bug 1495200 & Bug 1496681

behatnotneeded: Well, we could test this, but it would
require a 60-second wait for the session to timeout (since
the least you can set the session timeout via the UI
is 1 minute)

Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "15.10_STABLE" branch: https://reviews.mahara.org/5441

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/5441
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/784dbf9d5a5a8fc31a7d5b49bbcb41fe68578b7b
Submitter: Robert Lyon (<email address hidden>)
Branch: 15.10_STABLE

commit 784dbf9d5a5a8fc31a7d5b49bbcb41fe68578b7b
Author: Aaron Wells <email address hidden>
Date: Wed Sep 30 17:15:49 2015 +1300

Remove unnecessary cached form from the session

Bug 1495200 & Bug 1496681

behatnotneeded: Well, we could test this, but it would
require a 60-second wait for the session to timeout (since
the least you can set the session timeout via the UI
is 1 minute)

Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad
(cherry picked from commit aee374c0aa5d89cadba50a2eff2891af4ee751c0)

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/5442

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/5442
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/e2d001a8873c3897ef088d6ed609f11846c82c41
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit e2d001a8873c3897ef088d6ed609f11846c82c41
Author: Aaron Wells <email address hidden>
Date: Wed Sep 30 17:15:49 2015 +1300

Remove unnecessary cached form from the session

Bug 1495200 & Bug 1496681

behatnotneeded: Well, we could test this, but it would
require a 60-second wait for the session to timeout (since
the least you can set the session timeout via the UI
is 1 minute)

Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad
(cherry picked from commit aee374c0aa5d89cadba50a2eff2891af4ee751c0)
(cherry picked from commit 784dbf9d5a5a8fc31a7d5b49bbcb41fe68578b7b)

Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "1.10_STABLE" branch: https://reviews.mahara.org/5443

Mahara Bot (dev-mahara) wrote :

Patch for "1.9_STABLE" branch: https://reviews.mahara.org/5444

Mahara Bot (dev-mahara) wrote : A change has been merged

Reviewed: https://reviews.mahara.org/5444
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/af0f74a9dafa0b3726df925e65c1443f7aa2e29a
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.9_STABLE

commit af0f74a9dafa0b3726df925e65c1443f7aa2e29a
Author: Aaron Wells <email address hidden>
Date: Wed Sep 30 17:15:49 2015 +1300

Remove unnecessary cached form from the session

Bug 1495200 & Bug 1496681

behatnotneeded: Well, we could test this, but it would
require a 60-second wait for the session to timeout (since
the least you can set the session timeout via the UI
is 1 minute)

Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad
(cherry picked from commit aee374c0aa5d89cadba50a2eff2891af4ee751c0)
(cherry picked from commit 784dbf9d5a5a8fc31a7d5b49bbcb41fe68578b7b)

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/5443
Committed: https://git.nzoss.org.nz/mahara/mahara/commit/ea1bdc16d53ac5c659a9df853fae8fa891102e51
Submitter: Robert Lyon (<email address hidden>)
Branch: 1.10_STABLE

commit ea1bdc16d53ac5c659a9df853fae8fa891102e51
Author: Aaron Wells <email address hidden>
Date: Wed Sep 30 17:15:49 2015 +1300

Remove unnecessary cached form from the session

Bug 1495200 & Bug 1496681

behatnotneeded: Well, we could test this, but it would
require a 60-second wait for the session to timeout (since
the least you can set the session timeout via the UI
is 1 minute)

Change-Id: Ia5c861c16b6c893ada9d5eb2111f0b6a9aee49ad
(cherry picked from commit aee374c0aa5d89cadba50a2eff2891af4ee751c0)
(cherry picked from commit 784dbf9d5a5a8fc31a7d5b49bbcb41fe68578b7b)

no longer affects: mahara/15.10
Changed in mahara:
status: Fix Committed → Fix Released