As far as I can see MODX is not always calling session_start(). What am I doing wrong.
Step to reproduce
My site used to handle the PHP session itself, calling session_start() and handling timeouts and hack attempts. But that resulted in getting logged out of the MODX manager frequently.
Reading docs and forum posts I saw the recommendation is to let MODX call session_start(). However when I removed my own call to session_start() sometimes there was no session being started. All of my code is in snippets called up in MODX resources so I would have expected the session to work. But I cannot write to $_SESSION and I see that the session status is none.
Everything works if I am logged in to the manager and running my site in another tab.
I found a workaround by setting in php.ini “session.auto_start = 1” but it doesn’t sound like that’s the best approach. Although I only use the manager for the error log and for settings and maintainance, my code handles it’s own login database for my users, I don’t need to use the MODX manager at run time.
I have also read somewhere that creating output before calling session_start() will cause it to fail, but I don’t think I’m doing that.
And in another post folks talked about running MODX externally, not sure what that means.
Observed behavior
Unable to write to $_SESSION.
Expected behavior
Environment
MODX 3.11, shared hosting, Apache, MySQL 15.1, PHP 8.3, browser: Brave or Safari.
By default, MODX should start a session for every request.
Make sure, that the system setting anonymous_sessions is set to Yes and that there doesn’t exist a context setting with the same name (for the context in question) that overrides this value to No.
Also check if there is a context setting session_enabled that deactivates the sessions for a context.
In a custom PHP file, you can create a MODX object, so that you can access the MODX functionality outside of snippets/plugins.
See the documentation here (for MODX 3).
halftrainedharry … You nailed it, anonymous_sessions was set to No in my web context. Not sure how that got there, I was probably making some tests. Glad I asked the question now, thank you.
So I’m now setting anonymous_sessions to On in all my MODX sites and hope that’s the end of this problem. I see in modX.php that setting it On forces session start.
However as an experiment I removed (commented out) “session.auto_start = 1” from my php.ini file but left anonymous_sessions set to No in the manager and I could still write to $_SESSION, so the session was started. Also in phpinfo (from System Info in the manager) it says auto_start is On in the Local column. On the other hand looking in my cPanel MultiPHP INI Editor session.auto_start is commented out, so I guess the default setting is On.
Next I edited my php.ini and set “session.auto_start = 0”, and verified that it was off in phpinfo. The problem of not being able to write to $_SESSION didn’t come back, and I had made sure that I didn’t have any other tabs open on the manager or anything else MODX.
Maybe I don’t understand these settings enough, it seems as if there is some latency, maybe something cached somewhere.
This topic was automatically closed 2 days after discussion ended and a solution was marked. New replies are no longer allowed. You can open a new topic by clicking the link icon below the original post or solution and selecting “+ New Topic”.