PHP error message on newly upgraded site to 4.3.8
News and General
I just updated a website (call it website A) running 3.5.17 to 4.3.8 on a server running PHP 7.3. At the login screen and also when logged in I get the following warning:
“Warning
session_set_cookie_params(): Cannot change session cookie parameters when session is active
ee/legacy/libraries/Core.php, line 130
Severity: E_WARNING”
The website runs ok and the admin areas seems to function but the updater at the bottom will not let me update from 4.3.8.
Earlier this week (in anticipation of wanting to update EE on website A) I updated an unimportant website (call it website B) on the same server (different domain name) from 3.5.17 to 5.1.2 via 4.3.6. That update went fine without any warnings.
Is there something different about 4.3.8 than 4.3.6 likely to have led to this error message?
Should I attempt to update EE (website A) manually to 5.1.2 or should I get it working nicely (without error warnings) first? Thanks.
Likely you have some custom code that is trying to use native PHP sessions too early. ExpressionEngine manages your application cookie settings to keep everything consistent and under the site administrator’s control, and it sets the session cookie parameters at the point where you are seeing that error to match the site’s preferences. I’d go through your add-ons and find which offender is running session_start() too early, etc. If they are all third-party add-ons, I’d make sure that you’re up to date on all of them.
Thanks for responding, Derek. The odd thing is that I’m not running any third-party add-ons, just a few of the standard EE ones. I ended up looking at the admin.php file and noticed that error reporting was set to “$debug =1;”. I changed this to “$debug = 0;” and (perhaps not surprisingly) the error message has gone away. I was then able to update via the one-click updater to 5.1.2. In your opinion should I change the $debug = back to 1? (I notice from other EE 5 installations on other servers that $debug = 0 in the admin.php file).
All that’s doing is hiding the error, not fixing the problem. You have custom code executing somewhere even if not from an add-on, perhaps dynamic config? i.e. “master” config or similar.
Thanks Derek. Yes, I realise that I’m hiding the problem. I’m a long(ish) time EE user but I’m a designer rather than a coder so I’m afraid I’m not sure what your suggestion really means. Is there a simple process I should go to eliminate this “custom code”? I was rather hoping that updating to 5.1.2 might have done the trick but turning the debug setting back to 1, the error message has come back.
Updating the core application won’t solve the problem because the problem is from non-native code. ? And hiding the error is bad because it’s still occurring in the background; PHP spins up it’s error reporting, broadcasts the error to the appropriate locations, which then suppress it from being displayed, but you’re still spending that CPU and memory. And most importantly, ExpressionEngine isn’t functioning properly because it cannot set the session cookie to observe your ExpressionEngine cookie preferences because of the code that is hijacking it earlier.
You need to find where PHP sessions are being referenced and remove/move them. Can you copy your system/user/config/config.php file here, making sure to remove your URLs, passwords, and encryption keys? That might provide a clue. Also a snapshot of the top level of your system/user/addons folder.
Thanks Derek. I have hidden the error because it appears on the admin.php login screen and the website is well used by my client whom I’d rather not alarm unnecessarily.
I’m not sure how to show a screenshot here but my system/user/addons folder contains only the index.html file and a folder for freeform_next (which I know is third-party but is not installed). Now I mention this, do you think that might be the culprit? I’m happy to remove it because I do not use it.
My config.php file has the following contents (passwords, etc. redacted).
<?php if ( ! defined(‘BASEPATH’)) exit(‘No direct script access allowed’);
/* |————————————————————————– | ExpressionEngine Config Items |————————————————————————– | | The following items are for use with ExpressionEngine. The rest of | the config items are for use with CodeIgniter, some of which are not | observed by ExpressionEngine, e.g. ‘permitted_uri_chars’ | */
$config[‘app_version’] = ‘5.1.2’; $config[‘license_contact’] = ‘#@##’; $config[‘license_number’] = ‘#############’; $config[‘debug’] = ‘1’; $config[‘cp_url’] = ‘#######/admin.php’; $config[‘doc_url’] = ‘https://docs.expressionengine.com/v2/’; $config[‘is_system_on’] = ‘y’; $config[‘allow_extensions’] = ‘y’; $config[‘cookie_prefix’] = ”;
$config[‘index_page’] = ”; $config[‘cache_driver’] = ‘file’; $config[‘database’] = array ( ‘expressionengine’ => array ( ‘hostname’ => ‘localhost’, ‘username’ => ‘###’, ‘password’ => ‘#######’, ‘database’ => ‘########’, ), ); $config[‘enable_devlog_alerts’] = ‘n’; $config[‘multiple_sites_enabled’] = ‘n’; $config[‘session_crypt_key’] = ‘############################’; $config[‘save_tmpl_files’] = ‘n’; $config[‘share_analytics’] = ‘y’; $config[‘show_ee_news’] = ‘y’;
// END EE config items
That is not the entirety of your config file, is it? Please post the whole thing, and click the “Use Markdown” link below the reply textarea for tips on formatting code blocks.
Yes, remove Freeform if it is not installed. Its presence could still be executing PHP because ExpressionEngine has to read the files to know what’s there, and if the developer has included procedural code in the global space, it will run as soon as ExpressionEngine includes the file.
Yes, that’s the entirety of my config.php file. The Freeform folder has been there for some time and pre-dates the appearance of the error message (which only appeared when going from 3.5.17 to 4.3.8). By the way, this EE installation was originally 2.7 (or so) and was upgraded to 3 then over time to 3.5.17. The EE installation for another website on this server (which I referred to as website B in my opening post) started life as EE 3+ and was updated to 4.3.6 and then, via one-click updater to 5.1.2. That installation is free of the error message (even set to $debug=1). I’ll remove the Freeform folder and see what happens. Thanks for your help so far, Derek.
Sorry, just scrolled further down my config.php file and can see there is loads more!
==============================
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
|--------------------------------------------------------------------------
| ExpressionEngine Config Items
|--------------------------------------------------------------------------
|
| The following items are for use with ExpressionEngine. The rest of
| the config items are for use with CodeIgniter, some of which are not
| observed by ExpressionEngine, e.g. 'permitted_uri_chars'
|
*/
$config['app_version'] = '5.1.2';
$config['license_contact'] = '###';
$config['license_number'] = '###';
$config['debug'] = '1';
$config['cp_url'] = '###admin.php';
$config['doc_url'] = 'https://docs.expressionengine.com/v2/';
$config['is_system_on'] = 'y';
$config['allow_extensions'] = 'y';
$config['cookie_prefix'] = '';
$config['index_page'] = '';
$config['cache_driver'] = 'file';
$config['database'] = array (
'expressionengine' =>
array (
'hostname' => 'localhost',
'username' => '###',
'password' => '###',
'database' => '###',
),
);
$config['enable_devlog_alerts'] = 'n';
$config['multiple_sites_enabled'] = 'n';
$config['session_crypt_key'] = '###';
$config['save_tmpl_files'] = 'n';
$config['share_analytics'] = 'y';
$config['show_ee_news'] = 'y';
// END EE config items
/*
|--------------------------------------------------------------------------
| URI PROTOCOL
|--------------------------------------------------------------------------
|
| This item determines which server global should be used to retrieve the
| URI string. The default setting of "AUTO" works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO' Default - auto detects
| 'PATH_INFO' Uses the PATH_INFO
| 'QUERY_STRING' Uses the QUERY_STRING
| 'REQUEST_URI' Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = 'AUTO';
/*
|--------------------------------------------------------------------------
| Default Character Set
|--------------------------------------------------------------------------
|
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = 'UTF-8';
/*
|--------------------------------------------------------------------------
| Class Extension Prefix
|--------------------------------------------------------------------------
|
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'EE_';
/*
|--------------------------------------------------------------------------
| Error Logging Threshold
|--------------------------------------------------------------------------
|
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
|
| 0 = Disables logging, Error logging TURNED OFF
| 1 = Error Messages (including PHP errors)
| 2 = Debug Messages
| 3 = Informational Messages
| 4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
*/
$config['log_threshold'] = 0;
/*
|--------------------------------------------------------------------------
| Error Logging Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the
| default system/expressionengine/logs/ directory. Use a full server path
| with trailing slash.
|
| Note: You may need to create this directory if your server does not
| create it automatically.
|
*/
/*
|--------------------------------------------------------------------------
| Date Format for Logs
|--------------------------------------------------------------------------
|
| Each item that is logged has an associated date. You can use PHP date
| codes to set your own date formatting
|
*/
$config['log_date_format'] = 'Y-m-d H:i:s';
/*
|--------------------------------------------------------------------------
| Cache Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the
| default system/expressionengine/cache/ directory. Use a full server path
| with trailing slash.
|
*/
/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| If you use the Encryption class or the Sessions class with encryption
| enabled you MUST set an encryption key. See the user guide for info.
|
*/
$config['encryption_key'] = '###';
/*
|--------------------------------------------------------------------------
| Rewrite PHP Short Tags
|--------------------------------------------------------------------------
|
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files. Options are TRUE or FALSE (boolean)
|
*/
$config['rewrite_short_tags'] = TRUE;
/* End of file config.php */
/* Location: ./system/expressionengine/config/config.php */Thanks. So the good news is that it isn’t coming from your config file. But it’s still coming from somewhere.
The error just started appearing because EE only started ensuring the session cookie prefs matched your application prefs in v4. Did you update your index.php and admin.php files as well? Perhaps there is custom code there. The error:
Cannot change session cookie parameters when session is active
Indicates that session_start() is sitting somewhere between the opening PHP tag in your admin.php file and that line of the Core.php file where ExpressionEngine tries to set session cookie prefs.
Removing Freeform did the trick, Derek. The error message no longer appears and it looks like I can safely leave the $debug set to 1 without scaring my client. Many thanks for your patient help, as always.
Glad to help. I’m guessing an older version of that add-on was instantiating a session in its addon.setup.php Provider file. Developers take note: don’t put procedural code in your Provider files, they have a single purpose: to provide static information to the application informing it about your add-on!
Side-note: you can leave that set to 0 in production, and just make sure that your debugging preferences are set to show errors to logged-in Super Admins.
To answer your question above, Derek, yes I believe that I did update the admin.php and index.php filed when upgrading from 3.5.17 to 4.3.8. My MO is usually to rename the old versions of those two files and then upload the new ones. The other stuff (themes/ee and system/ee) I simply allow Fetch (my FTP software) to overwrite the old. When everything is working I delete the admin_old.php and index_old.php files. I must admit I usually update the files on the live server (after backing them up) which I know isn’t recommended.
Hi Derek, sorry to be a bother but, whilst logged in as super admin, I am getting error messages on the front end this website when I use the search function. Would you like me to start a new post or should I post details below? I can’t imagine the problem is related to the one I opened with other than this error message didn’t appear when the website was running 3.5.17.