simplesamlphp/simplesamlphp 1.17.0+ causes conflict with other login modules (Cognito)

After a recent upgrade on one of our projects, we started having an issue where this module would create a PHP session too early in the request and other modules' logic (Cognito in our case) would fail with the error "Failed to start the session: already started by PHP".

I found out that this was because of a change in the PHP library which is called from the SimplesamlphpAuthManager service's constructor while trying to create an instance.

I have created a patch where an instance is created only if one is passed in to the constructor. A method has also been added which initialises the instance on demand, and called wherever $this->instance is being called.

CommentFileSizeAuthor
#12 simplesamlphp_auth-failed_start_session-3043942-12.patch1.44 KBafireintheattic
1.17.0-plus-conflict.patch1.94 KByusufhm

Comments

yusufhm created an issue. See original summary.

brockfanning’s picture

brockfanning commented

This patch fixes a problem we are having locally, with a "Failed to start the session: already started by PHP" error. Thank you!

I don't understand the internals enough to say what module or code we have that is causing the conflict.

Are the test failures here false alarms?

yusufhm’s picture

yusufhm
Primary language English
Location NSW, Australia
commented
Issue summary: View changes
yusufhm’s picture

yusufhm
Primary language English
Location NSW, Australia
commented
Title: simplesamlphp/simplesamlphp 1.17.0+ causes conflict with other login modules (Cognito) » Error "Failed to start the session: already started by PHP"
Issue summary: View changes

Made the title more relevant to the error obtained.

justcaldwell’s picture

justcaldwell
he/him
Primary language English
Location Austin, Texas
commented

Similar to @brockfanning; our local instances use local login -- simplesamlphp is only active "cloud" instances. The error started popping up when a recent composer update moved us to 1.17.2. This patch fixes it. Thanks!

berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Needs review » Postponed (maintainer needs more info)

Can you check if #3050273: Require SimpleSAMLphp ^1.17.2 and use namespaced class names fixes the problem as well? Then I'll close this as a duplicate, although I already suggested in #2915568: Installing the module causes exception and Drupal whitescreen to switch to a lazy load implementation similar to what was proposed here.

justcaldwell’s picture

justcaldwell
he/him
Primary language English
Location Austin, Texas
commented

Can't speak to the OP's use case, but the patch at #3050273: Require SimpleSAMLphp ^1.17.2 and use namespaced class names doesn't resolve this problem for us. The "Failed to start the session: already started by PHP" error returns for local login attempts.

RuntimeException: Failed to start the session: already started by PHP. in Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start() (line 137 of /var/www/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php).
Drupal\Core\Session\SessionManager->startNow() (Line: 240)
Drupal\Core\Session\SessionManager->regenerate(, NULL) (Line: 188)
Symfony\Component\HttpFoundation\Session\Session->migrate() (Line: 564)
user_login_finalize(Object) (Line: 145)
Drupal\user\Form\UserLoginForm->submitForm(Array, Object)
call_user_func_array(Array, Array) (Line: 111)
Drupal\Core\Form\FormSubmitter->executeSubmitHandlers(Array, Object) (Line: 51)
Drupal\Core\Form\FormSubmitter->doSubmitForm(Array, Object) (Line: 589)
Drupal\Core\Form\FormBuilder->processForm('user_login_form', Array, Object) (Line: 318)
Drupal\Core\Form\FormBuilder->buildForm('user_login_form', Object) (Line: 93)
Drupal\Core\Controller\FormController->getContentResult(Object, Object)
call_user_func_array(Array, Array) (Line: 123)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 582)
Drupal\Core\Render\Renderer->executeInRenderContext(Object, Object) (Line: 124)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->wrapControllerExecutionInRenderContext(Array, Array) (Line: 97)
Drupal\Core\EventSubscriber\EarlyRenderingControllerWrapperSubscriber->Drupal\Core\EventSubscriber\{closure}() (Line: 151)
Symfony\Component\HttpKernel\HttpKernel->handleRaw(Object, 1) (Line: 68)
Symfony\Component\HttpKernel\HttpKernel->handle(Object, 1, 1) (Line: 57)
Drupal\Core\StackMiddleware\Session->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\KernelPreHandle->handle(Object, 1, 1) (Line: 99)
Drupal\page_cache\StackMiddleware\PageCache->pass(Object, 1, 1) (Line: 78)
Drupal\page_cache\StackMiddleware\PageCache->handle(Object, 1, 1) (Line: 47)
Drupal\Core\StackMiddleware\ReverseProxyMiddleware->handle(Object, 1, 1) (Line: 52)
Drupal\Core\StackMiddleware\NegotiationMiddleware->handle(Object, 1, 1) (Line: 23)
Stack\StackedHttpKernel->handle(Object, 1, 1) (Line: 693)
Drupal\Core\DrupalKernel->handle(Object) (Line: 19)
berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Postponed (maintainer needs more info) » Needs work

Ah I see, I thought it's the configuration stuff or a warning message or so, but I got it now.

Then lets do the lazy initalization here, but I'd prefer to just change $this->instance to $this->getInstance() and then initialize inside it.

berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Needs work » Postponed (maintainer needs more info)

#2915568: Installing the module causes exception and Drupal whitescreen does include the same kind of lazy loading that should fix this.

brockfanning’s picture

brockfanning commented

Berdir, was that meant to be posted in another issue? The link is to here I think.

berdir’s picture

berdir
Primary language German
Location Switzerland
commented

Fixed the link, sorry.

afireintheattic’s picture

afireintheattic commented
StatusFileSize
new simplesamlphp_auth-failed_start_session-3043942-12.patch1.44 KB

This patch worked well for me! In case anyone needs it, I'm also attaching a patch that should apply cleanly to the 3.0 release of the module as well.

UPDATE: This patch actually does not work for me any longer, but checking out the full 3.x-dev code resolves this issue completely.

brockfanning’s picture

brockfanning commented

I'm trying the latest 3.x-dev code now, without any patches, and the problem appears to be gone. @afireintheattic could you confirm?

afireintheattic’s picture

afireintheattic commented

@brockfanning The patch I posted above that is rolled against the 3.0 release actually does not work; however, I did checkout the 3.x-dev code and can confirm that it does indeed resolve the issue for me. This is a bit of a blocker for use, so hopefully this gets released soon! :D

berdir’s picture

berdir
Primary language German
Location Switzerland
commented
Status: Postponed (maintainer needs more info) » Closed (duplicate)

I was waiting on some confirmations that this is indeed the case as I didn't have a chance yet to test it myself. Closing as a duplicate then.

berdir’s picture

berdir
Primary language German
Location Switzerland
commented

Here we go: https://www.drupal.org/project/simplesamlphp_auth/releases/8.x-3.1