dev/core#4988 Standalone - use regular php session during install

[ufundo]

Before

Installing Standalone through the web UI crashes because the installer wants to initialise a session before the SessionHandler provided by Standaloneusers extension is available.

After

Use the default php session handler during install.

Technical Details

This just opts out of the custom SessionHandler based on CIVI_SETUP being set - other parameters to the session_start call ( in particular the custom session cookie name ) are retained.

Questions:

• is there any risk to the opt-out based on CIVI_SETUP? could anything bad happen if CIVI_SETUP is set when it shouldn't be?
• when exactly does the transfer over to the "proper" standaloneusers session happen? will anything important from the session be lost at this point? e.g. notices from the install phase?

An alternative solution is to hook in early to enable the standaloneusers extension: #29362

[civibot]

🤖 Thank you for contributing to CiviCRM! ❤️ We will need to test and review this PR. 👷

Introduction for new contributors...

• If this is your first PR, an admin will greenlight automated testing with the command ok to test or add to whitelist.
• A series of tests will automatically run. You can see the results at the bottom of this page (if there are any problems, it will include a link to see what went wrong).
• A demo site will be built where anyone can try out a version of CiviCRM that includes your changes.
• If this process needs to be repeated, an admin will issue the command test this please to rerun tests and build a new demo site.
• Before this PR can be merged, it needs to be reviewed. Please keep in mind that reviewers are volunteers, and their response time can vary from a few hours to a few weeks depending on their availability and their knowledge of this particular part of CiviCRM.
• A great way to speed up this process is to "trade reviews" with someone - find an open PR that you feel able to review, and leave a comment like "I'm reviewing this now, could you please review mine?" (include a link to yours). You don't have to wait for a response to get started (and you don't have to stop at one!) the more you review, the faster this process goes for everyone 😄
• To ensure that you are credited properly in the final release notes, please add yourself to contributor-key.yml
• For more information about contributing, see CONTRIBUTING.md.

Quick links for reviewers...

• ➡️ PR Demo site (can be rebuilt with the command test this please).
• 📖 Review standards
• 🗒️ Review template (brief or verbose)

➡️ Online demo of this PR 🔗

[civibot]

The issue associated with the Pull Request can be viewed at https://lab.civicrm.org/dev/core/-/issues/4988

[artfulrobot]

I tried running this but got this:

Fatal error: Uncaught Error: Class "Civi\Standalone\SessionHandler" not found in /var/www/sastarter.localhost/vendor/civicrm/civicrm-core/CRM/Utils/System/Standalone.php on line 556

Scrap that! I think i had the wrong patch!

[artfulrobot]

With this patch, civi installed and got me to the login screen. However, then the javascript dies on hitting Submit:

bc...

Fatal error: Uncaught Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference in /var/www/sastarter.localhost/vendor/civicrm/civicrm-core/Civi/Crypto/CryptoJwt.php on line 92

( ! ) Error: Firebase\JWT\JWT::decode(): Argument #3 ($headers) cannot be passed by reference in /var/www/sastarter.localhost/vendor/civicrm/civicrm-core/Civi/Crypto/CryptoJwt.php on line 92

I followed that - it does seem a php8.1 error in our crypto code but then got another error, this time from JWT:

( ! ) Fatal error: Uncaught TypeError: Firebase\JWT\JWT::getKey(): Return value must be of type Firebase\JWT\Key, string returned in /var/www/sastarter.localhost/vendor/firebase/php-jwt/src/JWT.php on line 482

( ! ) TypeError: Firebase\JWT\JWT::getKey(): Return value must be of type Firebase\JWT\Key, string returned in /var/www/sastarter.localhost/vendor/firebase/php-jwt/src/JWT.php on line 482

I couldn't find anything in the issue queue about this, so wondering if it is related at all?! Perhaps we're using a JWT on the session during installation or something?

Does this PR work for you?

[MegaphoneJon]

! ) Fatal error: Uncaught TypeError: Firebase\JWT\JWT::getKey(): Return value must be of type Firebase\JWT\Key, string returned in /var/www/sastarter.localhost/vendor/firebase/php-jwt/src/JWT.php on line 482

I've seen this in my client's logs, but haven't been able to track it down to anything in particular yet.

[seamuslee001]

@MegaphoneJon do you have this patch or something similar applied? #29345

[MegaphoneJon]

@MegaphoneJon do you have this patch or something similar applied? #29345

I do not. But also I don't want us to hijack this PR for the discussion. I'll look into this later and create a ticket.

[ufundo]

Converting this to draft because I think collective wisdom is that #29362 is the better solution. If you think otherwise, shout!

[ufundo]

Yep, that patch fixed the login issue for me, thanks @seamuslee001

I'll rebase both of these for good measure but I think the other one is the way to go

[ufundo]

After an interesting tour round the houses I think I'm back to preferring this as being the neatest and most reliable approach. It's right at the danger point where we call the extension class, it's in the System utils rather than adding conditionals into core code, and... it works.

I've added a commit to use a distinct cookie name during install, to avoid any nasty collisions between the real session and this temporary one.

[totten]

@ufundo That sounds pretty persuasive to me...

Setting a separate cookie for the setup-screen makes perfect sense (given the different session-storage requirements).

[artfulrobot]

@ufundo

I tried installing from this PR.

The installer ran fine, but on clicking through to civicrm (login) I see:

session_set_save_handler(): Session save handler cannot be changed when a session is active [2]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 565
session_start(): Ignoring session_start() because a session is already active [8]
/var/www/standalone.localhost/web/core/CRM/Utils/System/Standalone.php line 578

These notices show on every page.

I tried deleting my cookies, which correctly bounces me back to the login screen, but still with the same notices.

[artfulrobot]

Update: I can't reproduce the error messages I had earlier, having done two fresh installs now, so let's assume that didn't happen.

Merging! Thanks @ufundo great to have this one out the way.

[ufundo]

woohoo thanks @artfulrobot :)