Weird session error "Failed to decode session object. Session has been destroyed"

CentOS release 6.9 (Final). Just upgraded from PHP 5.4 to 5.6. Environment information:

$ sudo yum list installed php*
[sudo] password: 
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink                                            |  12 kB     00:00     
 * base: mirror.cc.columbia.edu
 * epel: archive.linux.duke.edu
 * extras: centos-distro.1gservers.com
 * updates: centos.chicago.waneq.com
 * webtatic: sp.repo.webtatic.com
base                                                                                                                                                              | 3.7 kB     00:00     
docker-ce-stable                                                                                                                                                  | 2.9 kB     00:00     
epel                                                                                                                                                              | 4.3 kB     00:00     
epel/primary_db                                                                                                                                                   | 5.9 MB     00:00     
extras                                                                                                                                                            | 3.4 kB     00:00     
mongodb                                                                                                                                                           |  951 B     00:00     
pgdg96                                                                                                                                                            | 4.1 kB     00:00     
updates                                                                                                                                                           | 3.4 kB     00:00     
webtatic                                                                                                                                                          | 3.6 kB     00:00     
Installed Packages
php56w.x86_64                                                                               5.6.30-1.w6                                                                         @webtatic
php56w-cli.x86_64                                                                           5.6.30-1.w6                                                                         @webtatic
php56w-common.x86_64                                                                        5.6.30-1.w6                                                                         @webtatic
php56w-devel.x86_64                                                                         5.6.30-1.w6                                                                         @webtatic
php56w-ldap.x86_64                                                                          5.6.30-1.w6                                                                         @webtatic
php56w-mysql.x86_64                                                                         5.6.30-1.w6                                                                         @webtatic
php56w-pdo.x86_64                                                                           5.6.30-1.w6                                                                         @webtatic
php56w-xml.x86_64                                                                           5.6.30-1.w6                                                                         @webtatic

from phpinfo():

Author Phalcon Team and contributors Version 2.0.13 Build Date Jul 7 2017 15:11:14 Powered by Zephir Version 0.9.2a-dev

As of upgrading, my users were complaining that my application is kicking them out and forcing them to login again for no reason. Looking in /var/log/httpd/sslerrorlog I see lots of these:

[Fri Jul 07 16:18:00 2017] [error] [client 156.111.60.215] PHP Warning:  session_start(): Failed to decode session object. Session has been destroyed in /var/www/html/dbsr/app/config/services.php on line 93, referer: https://xxx.xxx.xxx.com/dbsr/

From app/config/services.php:

/**
 * Start the session the first time some component request the session service
 */
$di->set('session', function () {
    $session = new SessionAdapter();

    if(!$session->isStarted()){

      $session->start();

    }
    return $session;
});

Nothing in the code base changed. I am running linux on my laptop and cannot replicate this problem but many users on windows are reporting it and I see those errors in the log corresponding to when they complain about losing the session.

Help!



66.8k

what is your session handler ?

Are you sure you didnt configure php to save sessions in mongo somehow and mongo service might not be up or something like that ?

otherwise google where sessions were stored ( its being configured from php.ini ) and make sure php has rights to make files in that dir



18.6k

session handler is Phalcon\Session\Adapter\Files as SessionAdapter;

Mongo is not installed.

The problem appears to be limited to windows clients using chrome, chrome on linux seems to not have this problem.

from /etc/httpd/conf.d/php.ini:

php_value session.save_handler "files"
php_value session.save_path    "/var/lib/php/session"

from /var/lib/php/session:

$ ls -la
total 32
drwxrwx---. 2 root   apache 12288 Jul 10 12:02 .
drwxr-xr-x. 4 root   root    4096 Jul  7 16:42 ..
-rw-------. 1 apache apache     0 Jul 10 09:17 sess_ST-301140-g7aNwU4Uk4de9WGkBRHm-idmcasprod2
-rw-------. 1 apache apache   134 Jul 10 11:03 sess_ST-307426-CLD4Pcey1rZawKBzEQ5u-idmcasprod2
-rw-------. 1 apache apache     0 Jul 10 11:11 sess_ST-307451-kXbg9YppsUbbA4vtNJZh-idmcasprod2
-rw-------. 1 apache apache   134 Jul 10 12:02 sess_ST-311587-DZIDhdqE1TqThcFWlkRB-idmcasprod2
-rw-------. 1 apache apache    38 Jul 10 11:18 sess_ST-337773-KDLkOWvNubX4bZadSTah-idmcasprod1
-rw-------. 1 apache apache   136 Jul 10 11:51 sess_ST-340169-SLMX4gWeTRfgILxZ4lzZ-idmcasprod1

So it appears that that directory is owned by apache and clearly apache can write to it. I am wondering about the 0k files though...

It's not a space issue:

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_scissor01-lv_root
                       50G   21G   27G  45% /


18.6k

And like I mentioned, this worked before I upgraded from php 5.4 to 5.6



18.6k

Tried php7.0 and telling php to use memcached, still no dice. Going to try a memcache adapter and see if that works



18.6k

Think I discovered the problem. In IndexController.php I have this:

$query = PatientList::query();

//some code to add to the where clause

$this->persistent->searchParams = $query->getParams();

Doing a print_r on $query->getParams() gives me a massive amount of objects. I managed to look inside one of the session files that looked big and it contained a lot of what looked like binary data including Phalcon objects.

Probably there is some unicode issue where binary data is being messed up and when I try to look at it later it gets corrupted.