Server Error on Production

+
0
-

I have an installation, which works fine locally, but on the production server gives error 500.

Local server:
$ php -v
PHP 7.1.17–0ubuntu0.17.10.1 (cli) (built: May 9 2018 17:28:01) ( NTS )
Copyright © 1997–2018 The PHP Group
Zend Engine v3.1.0, Copyright © 1998–2018 Zend Technologies
with Zend OPcache v7.1.17–0ubuntu0.17.10.1, Copyright © 1999–2018, by Zend Technologies

Production Server:
$ php -v
PHP 7.2.24–0ubuntu0.18.04.6 (cli) (built: May 26 2020 13:09:11) ( NTS )
Copyright © 1997–2018 The PHP Group
Zend Engine v3.2.0, Copyright © 1998–2018 Zend Technologies
with Zend OPcache v7.2.24–0ubuntu0.18.04.6, Copyright © 1999–2018, by Zend Technologies

So, something has changed. In the error.log I get the following:

[2020–07–06 16–37–05] PHP Warning: session_set_cookie_params(): Cannot change session cookie parameters when headers already sent in /var/www/my.domain/html/vendor/nette/http/src/Http/Session.php:426 @ https://my.domain/contact

Line 426 in Session.php is:

$cookie[‘httponly’]

So, the exception.html file tells me
Nette\InvalidStateException
Cannot start session when headers already sent
vendor/nette/http/src/Http/Session.php:90
$e = new Nette\InvalidStateException($message);

So, obviously headers are being sent before session start is called, and the only difference is ubuntu and PHP versions.
The error seems to come from the form generation… maybe?
Has anybody else seen this behaviour?

David Matějka
Moderator | 6260
+
0
-

Hi,
do you use addProtection in a form? In that case it is safer to manually start session in the presenter using $this->session->start()

+
0
-

Starting session in the presenter produces and error:

Nette\InvalidStateException
Service Session has not been set.

Currently the service creates the session from vendor/nette/http/src/Http/Session.php

Nette\Utils\Callback::invokeSafe('session_start', [], function ($message) use (&$e) {
  $e = new Nette\InvalidStateException($message);
});

This is where the error seems to originate, but not on my local copy, only on the production server, which has a slightly later version of PHP

Kevin

David Matějka wrote:

Hi,
do you use addProtection in a form? In that case it is safer to manually start session in the presenter using $this->session->start()