Jump to content

TracyDebugger session challenge conflict


psy
 Share

Recommended Posts

Hi @adrian

Love TD and can't do without it. Unfortunately I found a conflict with a module I'm developing.

The module calls on a library that uses  a particular class type for a challenge. My module is frontend only, autload="template!=admin" and the FE works with TD using the native PHP $_SESSION. I had http errors using PW's $session.

However, when I go to the admin, PW crashes spectacularly with:

image.jpeg.7720db1a704239bc2b9de91f155496f2.jpeg

Disabling TD (putting a dot before the module name) is the only solution to access the admin area, but creates other problems. TD is still installed but inaccessible.

Have tried namespacing the $session var, ie

$session->setFor("myspace", "challenge", "my data")

but it makes no difference. Turning off $config->debug resulted is a slightly less alarming Error 500.

Any ideas on how to fix? Or maybe this is a question for @ryan as it's the admin core that spitting the error?

 

 

Link to comment
Share on other sites

Hi @psy - I don't think this is a Tracy issue. It seems like there is an unserialize call somewhere - can you see one in Tracy's callstack? Maybe you can post the entire HTML of it?

Is your module trying to integrate: https://github.com/lbuchs/WebAuthn ?

There are lots of results on Google about this error: https://www.google.com/search?q="the+script+tried+to+call+a+method+on+an+incomplete+object.+Please+ensure+that+the+class+definition"&oq="the+script+tried+to+call+a+method+on+an+incomplete+object.+Please+ensure+that+the+class+definition"&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQLhhA0gEJMTM1NjlqMGoxqAIAsAIA&sourceid=chrome&ie=UTF-8 but kinda hard to figure out the cause in this case without seeing the rest of Tracy's stack trace.

Link to comment
Share on other sites

Hi @adrian and thank you for the prompt reply. I agree, it's not Tracy. Tracy is simply reporting the problem.

Yes, I'm trying to integrate the https://github.com/lbuchs/WebAuthn. It obviously needs a lot of custom code to 'ProcessWire' it. The 'challenge' is proving to be the challenge - pun intended!

I'd also googled the incomplete object problem and could find nothing specific to ByteBuffer.

Touch wood, I've not encountered the admin issue with the session ByteBuffer today. Other issues for sure. There's a lot of conversation between the server and browser that has to be 100% to get the certificate created.

The weirdest thing is that the first time the session byte buffer is accessed, it's reported correctly. Subsequent bd()'s show that it's corrupted. The front end page submits to an api (page) that has a switch statement based on the page urlSegment 1 (route).

image.jpeg.ffe20dfae7d5221c7c3f4b8b9321d165.jpeg

The demo site at https://webauthn.lubu.ch/_test/client.html doesn't have these issues and it's all based on sessions, get variables, html & js being processed by PHP.

🤷‍♀️ and not a question for you unless you have any ideas on what's going on.

 

Link to comment
Share on other sites

  On 3/13/2025 at 4:06 PM, adrian said:

On a side note, have you seen this WebAuthn module: https://processwire.com/modules/tfa-web-authn/

Expand  

Oh man, why didn't that show up in all my searches 🤦‍♀️ Will definitely investigate.

I'm well down the path with lubuch now - may still have to scratch it - and have solved the issue with sessions simply by bypassing them during the registration process. It may come back to bite me later.

Please do let me know if you recall the issue with corrupted sessions.

Thanks again 🙂 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...