fix custom db session handlers for changes in PHP7.1

As of PHP 7.1, $_SESSION is no longer intialized if the custom session read handler returns false or null. With $_SEESION not initialized, the the custom session write handler is not getting called (just close()). The way the ONA customer session handlers are written, this new PHP behavior results new sessions never being written to the database.
opennetadmin · Nov 22, 2018 · 7ac31e4 · 7ac31e4
1 parent d6129ca
commit 7ac31e4
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/www/include/adodb_sessions.inc.php b/www/include/adodb_sessions.inc.php
@@ -68,19 +68,20 @@ function sess_read($key) {
     printmsg("sess_read($key) called", 6);
 
     list($status, $rows, $record) = db_get_record($SESS_DBH, 'sessions', "`sesskey` = '$key' AND `expiry` > " . time());
-    if ($status or $rows == 0) { return false; }
+    if ($status or $rows == 0) { return ''; }
 
     if (array_key_exists('sessvalue', $record)) {
         // Update the expiry time (i.e. keep sessions alive even if nothing in the session has changed)
         $expiry = time() + $SESS_LIFE;
         list($status, $rows) = db_update_record($SESS_DBH, 'sessions', "`sesskey` = '$key' AND `expiry` > " . time(), array('expiry' => $expiry));
-        if ($status) { return false; }
+        if ($status) { return ''; }
 
-        // Return the value
+        // Return the value (but not a null)
+        if ( $record['sessvalue'] == NULL ) { return ''; }
         return($record['sessvalue']);
     }
 
-    return false;
+    return '';
 }