Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Event Case: Drupal 7.41 and PHP 7 (released) give these issues (reports):
"Exception Warning: user.pages.inc user_logout() session_destroy(): Session callback expects true/false return value."
Solution and (tested) Patch (via /includes/session.inc):
diff --git a/includes/session.inc b/includes/session.inc
--- a/session.inc 2015-10-22 06:17:40.000000000 +1030
+++ b/session.inc 2015-12-19 17:25:11.000000000 +1030
@@ -163,7 +163,7 @@
try {
if (!drupal_save_session()) {
// We don't have anything to do if we are not allowed to save the session.
- return;
+ return TRUE;
}
// Check whether $_SESSION has been changed in this request.
@@ -271,6 +271,7 @@
}
}
date_default_timezone_set(drupal_get_user_timezone());
+ return TRUE;
}
/**
@@ -292,6 +293,7 @@
$_SESSION += $session_data;
}
}
+ return TRUE;
}
/**
@@ -304,7 +306,7 @@
if (!drupal_save_session()) {
// We don't have anything to do if we are not allowed to save the session.
- return;
+ return TRUE;
}
if (empty($user->uid) && empty($_SESSION)) {
@@ -329,6 +331,7 @@
// Write the session data.
session_write_close();
}
+ return TRUE;
}
/**
@@ -351,7 +354,7 @@
global $user, $is_https;
// Nothing to do if we are not allowed to change the session.
if (!drupal_save_session()) {
- return;
+ return TRUE;
}
if ($is_https && variable_get('https', FALSE)) {
@@ -410,6 +413,7 @@
$user = $account;
}
date_default_timezone_set(drupal_get_user_timezone());
+ return TRUE;
}
/**
@@ -425,7 +429,7 @@
// Nothing to do if we are not allowed to change the session.
if (!drupal_save_session()) {
- return;
+ return TRUE;
}
// Delete session data.
@@ -446,6 +450,7 @@
elseif (variable_get('https', FALSE)) {
_drupal_session_delete_cookie('S' . session_name(), TRUE);
}
+ return TRUE;
}
/**
@@ -466,6 +471,7 @@
setcookie($name, '', REQUEST_TIME - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
unset($_COOKIE[$name]);
}
+ return TRUE;
}
/**
@@ -477,7 +483,7 @@
function drupal_session_destroy_uid($uid) {
// Nothing to do if we are not allowed to change the session.
if (!drupal_save_session()) {
- return;
+ return TRUE;
}
db_delete('sessions')
Logic:
PHP7: need return true/false since null is no longer falsy/successy
| Comment | File | Size | Author |
|---|---|---|---|
| drupal_fix.PNG | 12.02 KB | J_Hall |
Comments
Comment #2
willzyx commentedClosed as a duplicate of #2460833: _drupal_session_destroy() should return boolean
Comment #3
Peter Bowey commentedNot a 'exact' duplicate of: "#2460833: _drupal_session_destroy() should return boolean."
The patch above covers other _session areas not marked in #2460833
Comment #4
willzyx commented@Peter Bowey is the same issue with different patches :). To avoid duplicates, we should join the forces and try to solve the issue in #2460833: _drupal_session_destroy() should return boolean. You can discuss on the issue and post your solution there.
Comment #5
Peter Bowey commented@willzyx
My given solution was showing up on the first page of Google - until you closed it.
Q: The other case scenario 2460833 did not [then] show, and thus I might doubt anyone knows it exists - including me [initially]? See #1 below.
Thus my own input here [posting].
Q: Why [was] is the other solution so hard to find??
#1: I searched via Google and Drupal for 36 hours, before posting what was a 'worked' solution.
I [also] posted the above [patch] to a French Drupal site, where the same issue went 'unanswered'...
See: http://drupalfr.org/comment/73847#comment-73847
Comment #6
checker commentedPeter Bowey,
I guess your issue has been closed because you haven't uploaded a patch file. So please upload a "better" patch in #2460833: _drupal_session_destroy() should return boolean to help to fix this bug.
Comment #8
J_Hall commentedPLEASE RE-OPEN
... so that someone will actually fix this in the drupal core. Has anyone noticed that this is still broken?
SHOULD BE:
However due to the incompetency of people marking this as a duplicate and subsequently annoying the one person to offer an actual fix, this was never integrated into the Drupal 7 code base. I simply made the change myself after coming across this on Google and YES, this is the number one result and the only fix for:
"Session callback expects true/false return value in user_logout()"
Thank you, Peter.
Comment #9
ayesh commentedHi everyone,
There are several incompatibilities in D7 with PHP 7, and a single issue helps to track every one of them.
Patches in #2656548-12: Fully support PHP 7.0 in Drupal 7 fixed the session issues completely. Only the destroy callback needed to return a bool value (open, gc, etc already returns bool).
Comment #10
CStoebs commentedJ_Hall,
Your solution worked great. This issue finally compelled me to create an account on this site. It SHOULD NOT be that difficult to find a simple bug in the source code of Drupal Core. It was literally two lines of code that needed fixing, but was impossible to find the solution. Whoever deleted duplicate threads did not do this community a service by doing so.
Chris
Comment #11
michelleCStoebs - Nothing gets deleted except spam. When an issue is marked duplicate it is because there is another issue that covers the same problem. Often it is the older one that is kept and the newer one marked duplicate but it can also be the one with a working patch is kept.
Comment #12
annajonna commentedOn a testsite, I and my team are getting this Warning message:
Warning: session_destroy(): Session callback expects true/false return value in user_logout()
(line 178 of /path/to/betawww/htdocs/modules/user/user.pages.inc).
Warning: session_destroy(): Session object destruction failed in user_logout()
(line 178 of /path/to/betawww/htdocs/modules/user/user.pages.inc).
Just thought You would like to know.
Comment #13
dpi