Hello,

I'm having issues with the module.

I'm doing a very simple redirect to a welcome page upon user registration :
- Reacts on Entity insert -> User
- Condition Logged user has a role (I also tried without this condition, with no effect)
- Action Page redirect

Immediately after creating the user, I'm seeing the below error, which I don't get when simply disabling the rule.

My environment :
- Drupal 8.5.6
- PHP 7.2.9

RuntimeException: Failed to start the session because headers have already been sent by "/var/www/html/vendor/symfony/http-foundation/Response.php" at line 360. in Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start() (line 141 of /var/www/html/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php) #0 /var/www/html/core/lib/Drupal/Core/Session/SessionManager.php(164): Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start() #1 /var/www/html/core/lib/Drupal/Core/Session/SessionManager.php(195): Drupal\Core\Session\SessionManager->startNow() #2 /var/www/html/vendor/symfony/http-foundation/Session/Session.php(196): Drupal\Core\Session\SessionManager->save() #3 /var/www/html/core/lib/Drupal/Core/StackMiddleware/Session.php(60): Symfony\Component\HttpFoundation\Session\Session->save() #4 /var/www/html/core/lib/Drupal/Core/StackMiddleware/KernelPreHandle.php(47): Drupal\Core\StackMiddleware\Session->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #5 /var/www/html/core/modules/page_cache/src/StackMiddleware/PageCache.php(99): Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #6 /var/www/html/core/modules/page_cache/src/StackMiddleware/PageCache.php(78): Drupal\page_cache\StackMiddleware\PageCache->pass(Object(Symfony\Component\HttpFoundation\Request), 1, true) #7 /var/www/html/core/lib/Drupal/Core/StackMiddleware/ReverseProxyMiddleware.php(47): Drupal\page_cache\StackMiddleware\PageCache->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #8 /var/www/html/core/lib/Drupal/Core/StackMiddleware/NegotiationMiddleware.php(52): Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #9 /var/www/html/vendor/stack/builder/src/Stack/StackedHttpKernel.php(23): Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #10 /var/www/html/core/lib/Drupal/Core/DrupalKernel.php(666): Stack\StackedHttpKernel->handle(Object(Symfony\Component\HttpFoundation\Request), 1, true) #11 /var/www/html/index.php(19): Drupal\Core\DrupalKernel->handle(Object(Symfony\Component\HttpFoundation\Request)) #12 {main}.

Comments

dendreten created an issue. See original summary.

dendreten’s picture

dendreten commented

--

dendreten’s picture

dendreten commented
Status: Active » Closed (works as designed)

after some research : this seems to be a more general drupal issue.

dendreten’s picture

dendreten commented
Status: Closed (works as designed) » Active

Decided to reopen this issue as I'm wandering if some one knows how to deal with this as I imagine it's not good practice to accept runtime issues.

Thanks in advance.

gil'barbare’s picture

gil'barbare
he/him
Primary language French
Location Rennes
commented

Same problem for me...
Thanks for helping :)

c.e.a’s picture

c.e.a commented

I doubt this issue is related to this module, please have a look at:
https://www.drupal.org/project/drupal/issues/2852657#comment-12993423

irowboat’s picture

irowboat commented

Same problem. Also using Page Redirect action. I was relying on this module to take users to a page they absolutely need to visit before seeing the site, but circumventing that redirect with a double click kills the whole feature.

The rationality of using this module for business critical page redirects is debatable, but previously Rules worked well for this.

For now I'd advice anybody using this module, the Page Redirect action in particular, to thoroughly test that the redirect does not fail when loading the page multiple times in quick succession. That is, if you rely on the redirect to work 100% of the time.

(edit: words)

c.e.a’s picture

c.e.a commented
Status: Active » Closed (works as designed)

This is Drupal core related issue and more specifically is an Ajax related issue where the response is being set before the rule is triggered.

There is nothing to be done from this module side until the Core issue has been fixed!

You can read more about this issue below:

#2957019: Failed to start the session because headers have already been sent
#2852657: RuntimeException: Failed to start the session because headers have already been sent

@irowboat

For now I'd advice anybody to NOT use this module, especially the Page Redirect action, for anything resembling user authorization.

Your recommendation doesn't make any sense until you provide a reasonable logical reason for it!

irowboat’s picture

irowboat commented

@C.E.A

Thank you for your response. I absolutely love this module, so please don't take my statement as malicious.

I'm just saying, that regardless of the origin of the bug, relying on the Page Redirect working 100% to e.g. hide pages from certain users with it can lead to unintended information exposure on some setups, such as mine. I stumbled on this problem while testing, some others might not even notice. This seems like a fairly important warning to me.

(edit: wording)

c.e.a’s picture

c.e.a commented

@irowboat no worries but the main concern here is for the non-experienced users who will read your comment #7 and will sure be afraid from using such module which is not true at all.

Btw I am relying mainly on this module to:

  • Deny access for any user trying to access any user profile other than his own.
  • Deny access for any node if user is trying to access it using the unaliased: /node/* and not its aliased path url.
irowboat’s picture

irowboat commented

@C.E.A Fair enough. I turned the doom and gloom factor down a bit on #7, since it's apparently an edge case anyway.

aswathyajish’s picture

aswathyajish commented

I also got the same error after upgrading to drupal 9 latest version (9.2.7).

Following is the error in log :

RuntimeException: Failed to start the session because headers have already been sent by "/opt/web/vendor/symfony/http-foundation/Response.php" at line 1224. in Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start() (line 152 of /opt/web/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php)

Problem : I could not login to my site using any user.

Findings : I have used "Business Rules" module to redirect to "Dashboard" page when user logged in.

Solution :

1. Disable the "Redirect" rule in "Business Rules" module (if "Business Rules" module is using for any other purpose also) or uninstall the module "Business Rules" (only if, "Business Rules" module is not using for any other purpose).

2. Used the following code in custom module to redirect to login page when user logged in :

<?php
use Symfony\Component\HttpFoundation\RedirectResponse;
use Drupal\Core\Form\FormStateInterface;

function hook_form_user_login_form_alter(&$form, FormStateInterface $form_state) {
$form['#submit'][] = 'hook_user_login_submit';
}

/**
* Form submission handler for user_login_form().
* Redirects the user to the dashboard after logging in.
**/
function hook_user_login_submit(&$form, FormStateInterface $form_state) {
$current_user = \Drupal::currentUser();
$roles = $current_user->getRoles();
$request = \Drupal::service('request_stack')->getCurrentRequest();
if (!$request->request->has('destination')) {
if (in_array('administrator', $roles) || in_array('authenticated', $roles)) {
return \Drupal::service('request_stack')->getCurrentRequest()->query->set('destination', '/dashboard');
}
}
else {
$request->query->set('destination', $request->request->get('destination'));
}
}