Unyson
Unyson copied to clipboard
ThemeFuse
Critical PHP Issue: An active PHP session was detected.
I'm getting the following error in my Site Health settings. After deactivating ALL plugins and reactivating one by one, I found that Unyson is the culprate.
A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.
And I have the exact same issue with WP 5.5.1 and Unyson 2.7.24 and have remove Unyson than no problem. Please give me the solution
Can Reproduce on latest 2.7.24: A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.
@jmhmedia , @jeremyJJB , @wholthof Hi guys, I made some pull requests, please review and suggest corrections if you can:
#4052 #4051
The best,
Hi,
I have modify the 2 files but now I canot startup the website.
After I change to the old situation I can startup my website
Please give a good tested update from Unyson.
Met vriendelijke groeten,
Wim Holthof
Deurzerdiep 30 | 8032 NA | Zwolle ................................................................ Wim Holthof ' 06 112 39503 E-mail: mailto:[email protected] [email protected]
Van: Franck Adil Koumba [mailto:[email protected]] Verzonden: vrijdag 11 september 2020 16:42 Aan: ThemeFuse/Unyson [email protected] CC: wholthof [email protected]; Mention [email protected] Onderwerp: Re: [ThemeFuse/Unyson] Critical PHP Issue: An active PHP session was detected. (#4048)
@jmhmedia https://github.com/jmhmedia , @jeremyJJB https://github.com/jeremyJJB , @wholthof https://github.com/wholthof Hi guys, I made some pull requests, please review and suggest corrections if you can:
#4052 https://github.com/ThemeFuse/Unyson/pull/4052 #4051 https://github.com/ThemeFuse/Unyson/pull/4051
The best,
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-691136246 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AQ5IBX7ENCDCT4TWO36Z5YDSFIZL7ANCNFSM4QZPQIOQ . https://github.com/notifications/beacon/AQ5IBXZZH2UVNMRR5KMX4L3SFIZL7A5CNFSM4QZPQIO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFEY6N5Q.gif
Hi, I have modify the 2 files but now I canot startup the website. After I change to the old situation I can startup my website Please give a good tested update from Unyson.
@franckadil I took a look at the code it looks like everything is closed. Full disclosure I'm not an expert in PHP or WP plugin dev. Going off what @wholthof mentioned in his previous comment, it seems that one too many sessions have been closed since the site would not load but I'm not sure. Thank you for taking the initiative on this. I've been having a lot of headaches with Unyson lately.
My workarround is add in below in themes/xxxx/funtions.php if (!function_exists('_disable_fw_use_sessions')) { add_filter('fw_use_sessions','_disable_fw_use_sessions'); function _disable_fw_use_sessions(){ return false; } }
AGAIN THE URGENT REQUEST THAT UNYSON RELEASES AN UPDATE ASAP !!!!!!!
Same here:
An active PHP session was detected. A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.
I've talked to my web host and they've confirmed it's the Unyson plugin that's initiating the session. When they deactivated the plugin (and crashed my site) the PHP error disappeared. I tried deleting Unyson and then reinstalling on a dev site and it caused massive corruption to my site.
@wholthof workaround 👍🏻 thanks! Adding to the urgent requests for a Unyson update.
@valeriuzdrobau @andreiglingeanu @ViorelEremia @GheorgheP @llemurya @sergiu-radu Can you Please release an update with this fix?
@franckadil sent a pull request with the fix.
I fixed it adding: session_write_close(); in lines 231 and 262 in this file: wp-content/plugins/unyson/framework/includes/hooks.php
229: session_start();
230: }
231: session_write_close();
232: }
WHY DOES UNYSON NOT ISSUE AN UPDATE THAT SOLVES THIS PROBLEM ??? Surely this is not always the case that everyone is looking for a solution. Unyson come up with that Update
Is there any solution or update yet?.
"A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests."
Same here, is December and Unyson Still didnt fix that issue? come on guys its a security issue are you serius? So many Themes are dependent from that, please fix your issues!
Same here.
From what I understand, Unyson plugin uses the session to store "Flash messages".
See file /framework/helpers/class-fw-flash-messages.php:
Store messages in session (to not be lost between redirects) and remove them after they were shown to the user
Some useful links :
- "Avoid using sessions"
- "WordPress Cookies and PHP Sessions – Everything You Need to Know" (-> "We don’t recommend using PHP sessions")
@ViorelEremia you seem to be the developer who would know the best how to rework this Flash Messages mechanism without sessions (see "Unyson not playing nice with Varnish-caching") You actually introduced the workaround to disabled sessions : "add hook to disable sessions".
I think it's time for your bosses to give you some time to think about a rework :) Have a great New Year's Eve.
Cheers
We are still experiencing this issue. Any activity still going on here? And if not, is there a possibility to implement a fix and make a pullrequest ourselves?
Hey
Onderstaande heb ik nu na aanpassing in hooks.php op aktief
in lines 231 and 262 in this file: wp-content/plugins/unyson/framework/includes/hooks.php
229: session_start();
230: }
231: session_write_close();
232: }
Maar blijft een workarround en snap niet waarop er geen update komt
Met vriendelijke groeten,
Wim Holthof
Deurzerdiep 30 | 8032 NA | Zwolle ................................................................ Wim Holthof ' 06 112 39503 E-mail: mailto:[email protected] [email protected]
Van: Jascha van Aalst [email protected] Verzonden: vrijdag 5 maart 2021 16:25 Aan: ThemeFuse/Unyson [email protected] CC: wholthof [email protected]; Mention [email protected] Onderwerp: Re: [ThemeFuse/Unyson] Critical PHP Issue: An active PHP session was detected. (#4048)
We are still experiencing this issue. Any activity still going on here? And if not, is there a possibility to implement a fix and make a pullrequest ourselves?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-791488863 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AQ5IBX4ZHBVF3XCJW4K4EADTCDZVTANCNFSM4QZPQIOQ . https://github.com/notifications/beacon/AQ5IBX5OP2NYM5CTSJQDNJ3TCDZVTA5CNFSM4QZPQIO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOF4WSSXY.gif
This is the new (official) fix Click here https://github.com/ThemeFuse/Unyson/pull/4052/commits/da578e754381632b27289be3d92c1a3cc7f1d14f .
El vie, 5 de mar. de 2021 a la(s) 11:05, wholthof ([email protected]) escribió:
Hey
Onderstaande heb ik nu na aanpassing in hooks.php op aktief
in lines 231 and 262 in this file: wp-content/plugins/unyson/framework/includes/hooks.php
229: session_start();
230: }
231: session_write_close();
232: }
Maar blijft een workarround en snap niet waarop er geen update komt
Met vriendelijke groeten,
Wim Holthof
Deurzerdiep 30 | 8032 NA | Zwolle ................................................................ Wim Holthof ' 06 112 39503 E-mail: mailto:[email protected] [email protected]
Van: Jascha van Aalst [email protected] Verzonden: vrijdag 5 maart 2021 16:25 Aan: ThemeFuse/Unyson [email protected] CC: wholthof [email protected]; Mention [email protected] Onderwerp: Re: [ThemeFuse/Unyson] Critical PHP Issue: An active PHP session was detected. (#4048)
We are still experiencing this issue. Any activity still going on here? And if not, is there a possibility to implement a fix and make a pullrequest ourselves?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub < https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-791488863> , or unsubscribe < https://github.com/notifications/unsubscribe-auth/AQ5IBX4ZHBVF3XCJW4K4EADTCDZVTANCNFSM4QZPQIOQ> . < https://github.com/notifications/beacon/AQ5IBX5OP2NYM5CTSJQDNJ3TCDZVTA5CNFSM4QZPQIO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOF4WSSXY.gif>
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-791514837, or unsubscribe https://github.com/notifications/unsubscribe-auth/AGUAZ4MB5GLE5A6ABSNEWXTTCD6L7ANCNFSM4QZPQIOQ .
This is the new (official) fix Click here <da578e7> . El vie, 5 de mar. de 2021 a la(s) 11:05, wholthof ([email protected]) escribió:
Thank you, though I believe that has an error in it at line 260 where there is an unrequired } in the code between the Session_Start and the session_start(['read_and_close' => true,]);
session_start(); } /** This shouldn't be here /** * PHP sessions created with session_start() function may cause issues with REST API and loopback requests due to cURL error 28. * @internal */ session_start(['read_and_close' => true,]); } }
Hey,
The official fix
Met vriendelijke groeten,
Wim Holthof
Deurzerdiep 30 | 8032 NA | Zwolle ................................................................ Wim Holthof ' 06 112 39503 E-mail: mailto:[email protected] [email protected]
Van: EddiebNZ [email protected] Verzonden: zaterdag 6 maart 2021 06:42 Aan: ThemeFuse/Unyson [email protected] CC: wholthof [email protected]; Mention [email protected] Onderwerp: Re: [ThemeFuse/Unyson] Critical PHP Issue: An active PHP session was detected. (#4048)
This is the new (official) fix Click here <da578e7 https://github.com/ThemeFuse/Unyson/pull/4052/commits/da578e754381632b27289be3d92c1a3cc7f1d14f > . El vie, 5 de mar. de 2021 a la(s) 11:05, wholthof ([email protected] mailto:[email protected] ) escribió:
Thank you, though I believe that has an error in it at line 260 where there is an unrequired } in the code
session_start(); } /** This shouldn't be here /** * PHP sessions created with session_start() function may cause issues with REST API and loopback requests due to cURL error 28. * @internal */ session_start(['read_and_close' => true,]); } }
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-791878294 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AQ5IBXZA4FN7KP5UHLG5OJLTCG6EBANCNFSM4QZPQIOQ .
The official fix
in lines 227 and 259 in this file: wp-content/plugins/unyson/framework/includes/hooks.php 229: session_start(); 230: } 231: session_write_close(); 232: }
See my comment above, the official fix has an extra } that shouldn't be in there, if you remove that the fix works, but it doesn't stop the PHP sessions error being listed in the Site Health screen.
The official fix is not working for me. Can't start the website. I go back to my solution that solves the problem
in lines 227 and 259 in this file: wp-content/plugins/unyson/framework/includes/hooks.php 229: session_start(); 230: } 231: session_write_close(); 232: }
if it is an official fix why they do not deploy an official update so we can update it as all other wordpress plugins, so we are sure that it works for everyone?
Daar ben ik het mee eens. Dit is toch geen offciële oplossing maar geknoei met de beste bedoeling natuurlijk
Hey,
My workaround is no longer showing active PHP session notifications. Isn't it better to use?
Wim
Van: EddiebNZ [email protected] Verzonden: zondag 7 maart 2021 23:48 Aan: ThemeFuse/Unyson [email protected] CC: wholthof [email protected]; Mention [email protected] Onderwerp: Re: [ThemeFuse/Unyson] Critical PHP Issue: An active PHP session was detected. (#4048)
See my comment above, the official fix has an extra } that shouldn't be in there, if you remove that the fix works, but it doesn't stop the PHP sessions error being listed in the Site Health screen.
The official fix is not working for me. Can't start the website. I go back to my solution that solves the problem
in lines 227 and 259 in this file: wp-content/plugins/unyson/framework/includes/hooks.php 229: session_start(); 230: } 231: session_write_close(); 232: }
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-792368118 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AQ5IBX57LTIUFK6BP7KQCHDTCP7AXANCNFSM4QZPQIOQ . https://github.com/notifications/beacon/AQ5IBX4BDMDDI5NIQ3GUDALTCP7AXA5CNFSM4QZPQIO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOF45JH5Q.gif
For me indeed no longer showing the notiication but i got 50 errors on chrome's developer tool on console, so i return to the official official!!!
Oke, works the official fine without problems?
Can you mail my a screenshot from the official
Wim
Van: apatsidis123 @.> Verzonden: maandag 8 maart 2021 19:13 Aan: ThemeFuse/Unyson @.> CC: wholthof @.>; Comment @.> Onderwerp: Re: [ThemeFuse/Unyson] Critical PHP Issue: An active PHP session was detected. (#4048)
For me indeed no longer showing the notiication but i got 50 errors on chrome's developer tool on console, so i return to the official official!!!
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/ThemeFuse/Unyson/issues/4048#issuecomment-792962751 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AQ5IBXZQZ7D6GQLKXFSZVQTTCUHRPANCNFSM4QZPQIOQ . https://github.com/notifications/beacon/AQ5IBXZDBO4FBOPD6LPQBRDTCUHRPA5CNFSM4QZPQIO2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOF5B2NPY.gif