Session PHP Notices appearing in apache error logs

spiritquest · Post by **spiritquest** » Thu Jan 17, 2008 3:21 pm

Hi Garvin,

I've been noticing a lot of serendipity errors, and some hige lags in page loads just recently.

Am running 1.2

Here is what the apache logs say:

[Thu Jan 17 14:05:12 2008] [error] [client xxx.xxx.xxx.xxx] PHP Notice: A session had already been started - ignoring session_start() in /path/to/serendipity/serendipity_config.inc.php on line 20

Have you got any clues as to why this may be, I'm getting hundreds of these showing up.

Thanks,

Ket

Post by **garvinhicking** » Thu Jan 17, 2008 3:23 pm

Hi!

Does your PHP have the session.auto_start enabled? That doesn't go well with s9y.

That PHP Notice is not performance-relevant, though.

Regards,
Garvin

spiritquest · Post by **spiritquest** » Thu Jan 17, 2008 3:55 pm

The main php.ini file:

session.auto_start = 0

So thats off.

I noticed yesterday, that pages were hanging when I tried to visit a posting or catgeory, sometimes it hung for minutes. the logs show that the PHP notices were being written during the hanging.

Post by **garvinhicking** » Thu Jan 17, 2008 4:15 pm

Hi!

So these messages only started to occur recently? Did you change anything in the server config, PHP config, serendipity version or serendipity plugins?

Regards,
Garvin

spiritquest · Post by **spiritquest** » Thu Jan 17, 2008 4:18 pm

I don't know if they started recently. I only noticed them when I went to investigate the slow down. I can look back at earlier logs. I haven't been plugged into the blog much since before xmas.

I'll check.

As far as plugins, no nothing new, and as far as I can tell no changes on the server. We have our own vserver and the hosts have not (would normally) told us of any changes.

I'll check all of the above to make sure.

judebert · Post by **judebert** » Fri Jan 18, 2008 12:24 am

I'm getting similar errors. I'm following along, interested in the outcome. (You're helping more than just yourself; thanks.)

spiritquest · Post by **spiritquest** » Mon Jun 23, 2008 12:59 pm

I haven't been able to check back in previous logs, as the logrotate wasn't set to archive logs for any period of time.

I can tell you that the logs are continuously reporting PHP Notices to the effect:

A session had already been started - ignoring session_start() ...

I will re-check the server configs. I have a serendipity version offline (on my local machine) And I don't get the php Notices there. It is a completely different setup though.

spiritquest · Post by **spiritquest** » Mon Jun 23, 2008 1:23 pm

Having a look at the line of code that the error message is looking at I see the following:

Code: Select all

if (!headers_sent()) {
    session_start();
    
    // Prevent session fixation by only allowing sessions that have been sent by the server.
    // Any session that does not contain our unique token will be regarded as foreign/fixated
    // and be regenerated with a system-generated SID.
    // Patch by David Vieira-Kurz of majorsecurity.de
    if (!isset($_SESSION['SERVER_GENERATED_SID'])) {
        session_regenerate_id(true);
        session_start();
        header('X-Session-Reinit: true');
        $_SESSION['SERVER_GENERATED_SID'] = true;
    }
}

So this must mean if line 20 is being read, that the server variable

Code: Select all

$_SESSION['SERVER_GENERATED_SID']

is not being read and therefore, the command

Code: Select all

session_start();

is being parsed again.

Does that sound logical ?

Ket

Session PHP Notices appearing in apache error logs

Session PHP Notices appearing in apache error logs

Re: Session PHP Notices appearing in apache error logs

Should it be reading line 20