HolmesHustle Posted February 1, 2007 Share Posted February 1, 2007 Ok So I am getting this error message on first run after install: Warning: session.auto_start is enabled - please disable this php feature in php.ini and restart the web server. then upon going to another page or refresh or anything it gives: Fatal error: Unknown(): The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition navigationhistory of the object you are trying to operate on was loaded _before_ the session was started in /home/onestoph/public_html/shop/includes/application_top.php on line 309 im assuming due to the fact of the session auto_start.... ok so i send in a support ticket and this is what i get: "Hi Chris, I just received word from the data centre. Server Admin will not disable auto start session. Disabling auto start session is a severe security risk. According to server admin for the reasons stated below : There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. Thanks, Cheryl" soo i sent back another creative message and got this back: "Hi Chris, I'm sorry, but I cannot give you an exact date for php5. I have sent 3 tickets to the data centre, and the last one stated they could not provide a definate date as to the installation. As for your problem with session.autostart the data centre will not disable this feature because it will put "everyone" on the server at risk. I'm sorry this is not the news you wished to hear. However, you might be able to disable this feature through htaccess or by editing your application_top.php file in your oscommerce folder. Oscommerce forums have alot of useful information regarding this. You might also do a search google as well. Thanks, Cheryl" ...soooo what to do, what....to...do!!! Link to comment Share on other sites More sharing options...
HolmesHustle Posted February 1, 2007 Author Share Posted February 1, 2007 anyone!?! Link to comment Share on other sites More sharing options...
HolmesHustle Posted February 1, 2007 Author Share Posted February 1, 2007 I added: php_value session.auto_start to .htaccess and it seemed to fix it however im not completly sure Link to comment Share on other sites More sharing options...
Sinister-Racing Posted July 25, 2007 Share Posted July 25, 2007 Has this been figured out? I am having the same issue. I have setup over 15 OSC sites and have never had this issue. Link to comment Share on other sites More sharing options...
seanpatrick Posted August 24, 2007 Share Posted August 24, 2007 yeah, i'd love to know how to fix this... would this be causing the pages to load blank after the initial load? Link to comment Share on other sites More sharing options...
Dennisra Posted August 24, 2007 Share Posted August 24, 2007 CXLII. Session Handling Functions Introduction Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the appeal of your web site. A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL. The session support allows you to register arbitrary numbers of variables to be preserved across requests. When a visitor accesses your site, PHP will check automatically (if session.auto_start is set to 1) or on your request (explicitly through session_start() or implicitly through session_register()) whether a specific session id has been sent with the request. If this is the case, the prior saved environment is recreated. Caution If you do turn on session.auto_start then you cannot put objects into your sessions since the class definition has to be loaded before starting the session in order to recreate the objects in your session. All registered variables are serialized after the request finishes. Registered variables which are undefined are marked as being not defined. On subsequent accesses, these are not defined by the session module unless the user defines them later. Warning Some types of data can not be serialized thus stored in sessions. It includes resource variables or objects with circular references (i.e. objects which passes a reference to itself to another object). Note: Session handling was added in PHP 4.0. Note: Please note when working with sessions that a record of a session is not created until a variable has been registered using the session_register() function or by adding a new key to the $_SESSION superglobal array. This holds true regardless of if a session has been started using the session_start() function. <h1 class="section">Sessions and security</h1> External links: Session fixation The session module cannot guarantee that the information you store in a session is only viewed by the user who created the session. You need to take additional measures to actively protect the integrity of the session, depending on the value associated with it. Assess the importance of the data carried by your sessions and deploy additional protections -- this usually comes at a price, reduced convenience for the user. For example, if you want to protect users from simple social engineering tactics, you need to enable session.use_only_cookies. In that case, cookies must be enabled unconditionally on the user side, or sessions will not work. There are several ways to leak an existing session id to third parties. A leaked session id enables the third party to access all resources which are associated with a specific id. First, URLs carrying session ids. If you link to an external site, the URL including the session id might be stored in the external site's referrer logs. Second, a more active attacker might listen to your network traffic. If it is not encrypted, session ids will flow in plain text over the network. The solution here is to implement SSL on your server and make it mandatory for users. <h1 class="section">Requirements</h1>No external libraries are needed to build this extension. Note: Optionally you can use shared memory allocation (mm), developed by Ralf S. Engelschall, for session storage. You have to download mm and install it. This option is not available for Windows platforms. Note that the session storage module for mm does not guarantee that concurrent accesses to the same session are properly locked. It might be more appropriate to use a shared memory based filesystem (such as tmpfs on Solaris/Linux, or /dev/md on BSD) to store sessions in files, because they are properly locked. Session data is stored in memory thus web server restart deletes it. <h1 class="section">Installation</h1> Session support is enabled in PHP by default. If you would not like to build your PHP with session support, you should specify the --disable-session option to configure. To use shared memory allocation (mm) for session storage configure PHP --with-mm[=DIR] . The windows version of PHP has built in support for this extension. You do not need to load any additional extension in order to use these functions. Note: By default, all data related to a particular session will be stored in a file in the directory specified by the session.save_path INI option. A file for each session (regardless of if any data is associated with that session) will be created. This is due to the fact that a session is opened (a file is created) but no data is even written to that file. Note that this behavior is a side-effect of the limitations of working with the file system and it is possible that a custom session handler (such as one which uses a database) does not keep track of sessions which store no data. Link to comment Share on other sites More sharing options...
Dennisra Posted August 25, 2007 Share Posted August 25, 2007 If you get something like "Warning: session_start():"... then your PHP is misconfigured. You probably need to set session.save_path correctly (on linux / unix "session.save_path /tmp" is a good choice). And / or you need to configure the session.save_handler correctly ("session.save_handler files" is a good choice). These settings are in php.ini of your PHP installation and you need to restart the webserver after the changes. You may be able to set the necessary PHP session variables without altering your main php.ini file by placing configuration directives in your Gallery directory's .htaccess file (Reference). Link to comment Share on other sites More sharing options...
Hoggo Posted June 26, 2008 Share Posted June 26, 2008 I added: php_value session.auto_start to .htaccess and it seemed to fix it however im not completly sure Put "session.auto_start = Off" in your php.ini. If you don't have a php.ini file, create a new file in the root directory of your website, call it php.ini and add that line. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.