-
Bug
-
Resolution: Fixed
-
Minor
-
Future Dev, 4.3
There are various places eg MDL-79617, MDL-73317 where read only sessions is detecting session mutations because the navcache is being either set or reset. But the nav cache should be a cache and it should be safe to reset it at any point in time. The root cause is that it is directly stored in $SESSION rather than it being managed the same as any other cache via MUC where it could be correctly mapped to another place outside of the session when readonly sessions is configured and enabled.
It should be a fairly easy refactor to swap it over to MUC, this is pretty old code and just predates MUC I don't think there is any deeper reason why it isn't already using MUC.
https://github.com/moodle/moodle/blob/master/lib/navigationlib.php#L6010-L6027
Reproduction steps:
1. Go to https://example.com/cache/admin.php
2. Add an instance of File cache under {}Installed cache stores{} with any name you want.
3. Scroll to the bottom of the page to the *Stores used when no mapping is present* section and click on {}Edit mappings{}.
4. Update Cache administration of Session to the new file cache that you have created in step #2 and Save Changes.
5. Purge Session Cache Manually: Navigate to the moodledata directory, locate the sessions directory, and delete the contents to clear the session.
rm -rf /path/to/moodledata/sessions/*
6. Enable readonly sessions and sessions debug in config.php and visit the site.
$CFG->enable_read_only_sessions = true; |
$CFG->enable_read_only_sessions_debug = true; |
7. Create a `step-one.php` file in the root of your Moodle directory with the following content which simulates the default state the session is in before the navigation state is cached:
require(__DIR__ . '/config.php');
|
unset($SESSION->navcache);
|
echo "Step one";
|
8. Create a `step-two.php` file in the root of your Moodle directory with the following content which simulates the cache being initialized, which counts as a write to the session manager:
define('READ_ONLY_SESSION', true); |
require(__DIR__ . '/config.php'); |
navigation_cache::destroy_volatile_caches();
|
echo "Step two"; |
9. Open a terminal and tail the error logs
10. Visit `step-one.php` and `step-two.php` in the browser in order with the following URLs:
- https://<wwwroot_url>/step-one.php
- https://<wwwroot_url>/step-two.php
Now, you will notice a similar error message on the terminal:
[02-Jul-2024 13:05:28] WARNING: [pool www] child 9 said into stderr: "NOTICE: PHP message: Script /step-two.php defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->navcache"
- will help resolve
-
MDL-79617 Close session early during file upload process
- Closed