\Phalcon\Http\Cookie->getValue() throws 502

Hello.

I try to get cookie value, but the code below thows a 502 Bad Gateway error on calling getValue() function. ```php $cookies = $this->di->get('cookies'); $cookie = $cookies->get('cookiename'); vardump($cookie->getValue()); exit; ``` Where $this is an instance if \Phalcon\Session\AdapterInterface.

Phalcon 1.1.0.



83.0k

$this->di is not available in instances of Phalcon\Session\AdapterInterface

edited Oct '14

I implement the InjectionAwareInterface in my class and inject it into:

$di->setShared('session', function() use ($di) {
    $session = new MyAdapter();
    $session->setDi($di);
    $session->start();
    return $session;
});

And $cookie is a correct instance of \Phalcon\Http\Cookie

Yes, it's very similar.



83.0k

I'm running that Gist here: http://test.phalconphp.com/session.php returning a normal response, can you please update the gist to obtain the error?

Try to move x() calling into callback:

<?php

class XSession extends Phalcon\Session\Adapter implements
    Phalcon\Session\AdapterInterface,
    Phalcon\DI\InjectionAwareInterface
{

    protected $_dependencyInjector;

    public function setDI($di)
    {
        $this->_dependencyInjector = $di;
    }

    public function getDI()
    {
        return $this->_dependencyInjector;
    }

    public function x()
    {
        $cookies = $this->getDI()->get('cookies');
        $cookie = $cookies->get('cookie_name');
        var_dump($cookie->getValue());
    }

}


$di = new Phalcon\DI\FactoryDefault();

$di->set('session', function() use ($di) {
    $session = new XSession();
    $session->setDI($di);
    echo $session->x();
    return $session;
});

$session = $di['session'];
echo $session->x();
edited Oct '14

I got a trace:

Service 'crypt' wasn't found in the dependency injection container
File: [...]/app/plugins/MyAdapter.php, line: [...]

#0 [internal function]: Phalcon\DI->get('crypt', NULL)
#1 [internal function]: Phalcon\DI->getShared('crypt')
#2 [...]/app/plugins/MyAdapter.php([...]): Phalcon\Http\Cookie->getValue()
#3 [...]/public/index.php([...]): MyAdapter->start()
#4 {main}


83.0k

In recent commits in the 1.1.0 branch, the 'crypt' service is now automatically registered by DI\FactoryDefault, could you try compiling 1.1.0 again?

Nothing changed. Can you test my code in Gist?



83.0k

Yep I see the problem, but it's not Phalcon related, an infinite loop is being created because the 'cookies' service requires the 'session' service and 'session' service requires the 'cookies' service. Since you're using the cookies service when the 'session' service is not completely initialized, this problem is happening. PHP does not deal great with infinite loops and sometimes these situations are ending in segmentation faults. While other languages can tell the developer about this in a friendly manner, PHP sometimes just crash due to the infinite recursion causes an overflow of the C stack.

My suggestion is avoid this kind of infinite recursion using services when you're completely sure they're fully initialized.

OK, but how to fix error with 'crypt' service? Thr code below doesn't work.

<?php

class XSession extends Phalcon\Session\Adapter implements
    Phalcon\Session\AdapterInterface,
    Phalcon\DI\InjectionAwareInterface
{

    protected $_dependencyInjector;

    public function setDI($di)
    {
        $this->_dependencyInjector = $di;
    }

    public function getDI()
    {
        return $this->_dependencyInjector;
    }

    public function start()
    {
        $cookies = $this->getDI()->get('cookies');
        $cookie = $cookies->get('session_id');
        var_dump($cookie->getValue());
    }

}


$di = new Phalcon\DI\FactoryDefault();

$di->set('session', function() use ($di) {
    $session = new XSession();
    $session->setDI($di);

    return $session;
});

$session = $di['session'];
echo $session->start();

It throws the Fatal error only if cookie 'session_id' is provided by user.

Fatal error: Uncaught exception 'Phalcon\DI\Exception' with message 'Service 'crypt' wasn't found in the dependency injection container' in [...]/public/index.php:24
Stack trace:
#0 [internal function]: Phalcon\DI->get('crypt', NULL)
#1 [internal function]: Phalcon\DI->getShared('crypt')
#2 [...]/public/index.php(24): Phalcon\Http\Cookie->getValue()
#3 [...]/public/index.php(40): XSession->start()
#4 {main} thrown in [...]/public/index.php on line 24

I recompile it again and 'crypt' service is not missing now :) But what about another problem? ```code Warning: mcrypt_decrypt(): The IV parameter must be as long as the blocksize in [...]/app/plugins/MyAdapter.php on line 80 ``` This warning shown on calling getValue().



83.0k

I think this is happening due to a missing encryption key for cookies. Phalcon automatically encrypts cookies before send them to the client and after obtain them from the client. You can set the encryption key this way:

https://github.com/phalcon/vokuro/blob/8db65cf0e1ff771bc85327f7e5f9689931db5028/app/config/services.php#L96

Or disable encryption (not recommended):

$di->set('cookies', function() {
  $cookies =  new Phalcon\Http\Response\Cookies();
  $cookies->useEncryption(false);
  return $cookies;
});

I get the salt from vokuro/app/config/config.php and used it, but nothing changed.



83.0k

Try removing the cookies from your browser manually, maybe there were encrypted wrong due to the missing key.

Yes, but I think, this warning is a security issue. Isn't it?

By simple value changing we can get a full path disclosure.



83.0k

I don't know you'll got warnings from PHP in several parts even if you're not aware of that. We can try to silent it, but what is really necessary is set the right error_reporting mode in production to avoid that any warning will be show to users.