session_regenerate_id error

[weierophinney]

Warning: session_regenerate_id(): Session object destruction failed. ID: user (path: /var/lib/php/sessions) in /var/www/vendor/zendframework/zend-session/src/SessionManager.php on line 324

Using

PHP 7.0.13-0ubuntu0.16.04.1 (cli) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.13-0ubuntu0.16.04.1, Copyright (c) 1999-2016, by Zend Technologies
    with Xdebug v2.4.0, Copyright (c) 2002-2016, by Derick Rethans

---

Originally posted by @pensiero at zendframework/zend-session#70

[weierophinney]

It seems something related to zendframework/zend-session#67 and zendframework/zend-session#46

---

Originally posted by @pensiero at zendframework/zend-session#70 (comment)

[weierophinney]

@pensiero any affected versions? Any way to reproduce it with a test (@runInSeparateProcess stuff, maybe?)

---

Originally posted by @Ocramius at zendframework/zend-session#70 (comment)

[weierophinney]

I found that it was related to this line:

$session->regenerateId(true);

that was part of this:

        $session = $event->getApplication()->getServiceManager()->get('Zend\Session\SessionManager');
        $session->start();

        $container = new Container('initialized');
        if (!isset($container->init)) {
            $serviceManager = $event->getApplication()->getServiceManager();
            $request = $serviceManager->get('request');

            $session->regenerateId(true);
            $container->init = 1;
            $container->remoteAddr = $request->getServer()->get('REMOTE_ADDR');
            $container->httpUserAgent = $request->getServer()->get('HTTP_USER_AGENT');

            $config = $serviceManager->get('config');
            if (!isset($config['session'])) {
                return;
            }

            $sessionConfig = $config['session'];
            if (isset($sessionConfig['validators'])) {
                $chain = $session->getValidatorChain();

                foreach ($sessionConfig['validators'] as $validator) {
                    switch ($validator) {
                        case 'Zend\Session\Validator\HttpUserAgent':
                            $validator = new $validator($container->httpUserAgent);
                            break;
                        case 'Zend\Session\Validator\RemoteAddr':
                            $validator = new $validator($container->remoteAddr);
                            break;
                        default:
                            $validator = new $validator();
                    }

                    $chain->attach('session.validate', [$validator, 'isValid']);
                }
            }
        }

that is part of the code written here: https://framework.zend.com/manual/2.4/en/modules/zend.session.manager.html

Can I safely remove that line?

---

Originally posted by @pensiero at zendframework/zend-session#70 (comment)

[weierophinney]

I have the same problem with PHP Version 7.1.9-1+ubuntu16.04.

---

Originally posted by @n0v3xx at zendframework/zend-session#70 (comment)

[weierophinney]

2017/09/28 18:18:28 [error] 413#413: 128 FastCGI sent in stderr: "PHP message: PHP Warning: session_regenerate_id(): Session object destruction failed. ID: user (path: /var/www/clients/client1/web1/tmp) in /var/www/clients/client1/web1/web/tags/2.0.0/vendor/zendframework/zend-session/src/SessionManager.php on line 329" while reading response header from upstream, client: 162.158., server: , request: "POST /user/login HTTP/1.1", upstream: "fastcgi://unix:/var/lib/php7.0-fpm/web1.sock:", host: "", referrer: "https://*/user/login"

@Ocramius , can you check this problem again? can you try the example from @pensiero

---

Originally posted by @n0v3xx at zendframework/zend-session#70 (comment)

[weierophinney]

I dont know why but when the deleteOldSeession param is true the error occur. If the value on false all works well. I dont know if that a zend or php7 problem?

vendor/zendframework/zend-session/src/SessionManager.php

public function regenerateId($deleteOldSession = false)
    {
        if ($this->sessionExists()) {
            session_regenerate_id((bool) $deleteOldSession);
        }

        return $this;
    }

---

Originally posted by @n0v3xx at zendframework/zend-session#70 (comment)

[weierophinney]

Any update on this? It's still gives error on tests but not on rest or http request.

---

Originally posted by @Zebercet at zendframework/zend-session#70 (comment)

[weierophinney]

@pensiero @n0v3xx
I've tried example from the docs and I am not getting any error.
What is your configuration (session_config/session_storage/session_manager)?

I've tried the following:

return [
    'session_config' => [
        'phpSaveHandler' => 'files',
    ],
    'session_storage' => [
        'type' => 'ArrayStorage',
    ],
    'session_manager' => [
        'config' => [
            'class' => Session\Config\SessionConfig::class,
            'options' => [
                'name' => 'myapp',
            ],
        ],
        'storage' => Session\Storage\SessionArrayStorage::class,
        'validators' => [
            Session\Validator\RemoteAddr::class,
            Session\Validator\HttpUserAgent::class,
        ],
    ],
];

---

Originally posted by @michalbundyra at zendframework/zend-session#70 (comment)