Including ProcessWire & Sessions

[wumbo]

Hi folks!

In my current project I'm using ProcessWire v2.5 as pure backend service, including it in my frontend application as described here.

Now I encountered some problems with the pw session handling interfering with the session handling of my frontend application. In this case the pw installation runs on a subdomain of my frontend application.

1. Duplicate session_start()
   
   Each time I include pw's index.php pw tries to start it's own session, resulting in a notice that a session has already been started.
   
   To encounter this problem, I changed one row in Session::___init() (/ProcessWire/wire/core/Session.php):
   
   

   protected function ___init() {
   	if (session_status() != PHP_SESSION_ACTIVE) @session_start();
   }
   

2. Session configuration override
   
   Additionally pw sets it's own session configuration and therefore overrides the config of my frontend application.
   
   To prevent this, I wrapped the session configuration block within the index.php (/ProcessWire/index.php, rows ~176ff) in a condition:
   
    

   if (session_status() != PHP_SESSION_ACTIVE) {
   
       session_name($config->sessionName);
       ini_set('session.use_cookies', true);
       ini_set('session.use_only_cookies', 1);
       ini_set('session.cookie_httponly', 1);
       ini_set('session.gc_maxlifetime', $config->sessionExpireSeconds);
   
       if (ini_get('session.save_handler') == 'files') {
           if (ini_get('session.gc_probability') == 0) {
               // Some debian distros replace PHP's gc without fully implementing it,
               // which results in broken garbage collection if the save_path is set.
               // As a result, we avoid setting the save_path when this is detected.
           } else {
               ini_set("session.save_path", rtrim($config->paths->sessions, '/'));
           }
       }
   }
   

This is surely a bad way to fix my problem, because I had to change some code within the pw core.

If anybody knows a more elegant solution to prevent pw from starting/configuring a session if used vi include, it would be very welcome.

regards,

Wumbo

[mn-martin]

This is still an issue and the solution seems legit. May there be a chance to get this upstream?

[dotnetic]

This seems to be answered here 

 

[wumbo]

I think not. My problem is, that in my scenario PW tries to start a session a second time without checking if a session is already active. The session configuration is another topic.