session gets corrupted when using "\Zend\ProgressBar\Upload\SessionProgress"

[headbutt]

Whenever you submit a form using "PHP session-upload-progress", and you are also using the ZF session-container object, the session becomes corrupted. It looks like the upload-progress data is being injected into the ZF session data. I can confirm this happens with all releases of the framework. Output of error below:

Stack trace:

#0 /sites/shepherdpups/public_html/vendor/zendframework/library/Zend/Stdlib/ArrayObject.php(412): Zend\Stdlib\ArrayObject->setIteratorClass(NULL)
#1 [internal function]: Zend\Stdlib\ArrayObject->unserialize('a:4:{s:7:"stora...')
#2 /sites/shepherdpups/public_html/vendor/zendframework/library/Zend/Session/SessionManager.php(112): session_start()
#3 /sites/shepherdpups/public_html/module/Application/Module.php(195): Zend\Session\SessionManager->start()
#4 /sites/shepherdpups/public_html/module/Application/Module.php(53): Application\Module->bootstrapSession(Object(Zend\Mvc\MvcEvent))
#5 [internal function]: Application\Module->onBootstrap(Object(Zend\Mvc\MvcEvent))
#6 /sites/shepherdpups/public_html/vendor/zendframework/library/Zend/EventManager/EventManager.php(444): call_user_func(Array, in /sites/shepherdpups/public_html/vendor/zendframework/library/Zend/Stdlib/ArrayObject.php on line 370

Note: just submitting the form corrupts the session container.

[versoworks]

I've just encountered this bug (corrupt session object, using latest ZF3.0.1) and spent a few days trying to find the culprit, which turned out to be the \Zend\ProgressBar\Upload\SessionProgress. What's gotten me upset now is not the bug itself, but the fact that OP reported it August 2015 and it's still present. Is this issue ever going to be addressed ?

[weierophinney]

@boournz We need far more information than was presented in the original report in order to reproduce it. If you can provide a reproduce test case, that will allow us to proceed.

[versoworks]

@weierophinney My apologies. I mistakenly presumed that because the issue had been marked as a bug by @Ocramius, it had been verified.

I have created a project using the ZF Skeleton app that reproduces the issue I experienced. Two things need to exist for the issue to occur; the session must have a set property, and the view must contain the ZF Progress bar call formFileSessionProgress(). The project includes both.

If the formFileSessionProgress() call from the view to the ZF Progressbar is removed, the issue does not occur. If the Session does not have a set property, the issue does not occur.

To reproduce the issue, simply load the index.php in your web browser and click the Upload button. You do not need to set a file to upload. The issue results in the $_SESSION containing properties with __PHP_Incomplete_Class.

Check the Bootstrap function in the Application Module.php file for the meat of the issue.

EDIT
Tested with PHP v5.6.28 & v7.1.0, reproducible in both.

Jan 25 21:54:44 ubuntu : PHP Warning: Class __PHP_Incomplete_Class has no unserializer in Unknown on line 0
Jan 25 21:54:44 ubuntu : message repeated 2 times: [ PHP Warning: Class __PHP_Incomplete_Class has no unserializer in Unknown on line 0]
Jan 25 21:54:44 ubuntu : PHP Warning: Erroneous data format for unserializing 'Zend\Stdlib\ArrayObject' in /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/SessionManager.php on line 131
Jan 25 21:54:44 ubuntu : PHP Stack trace:
Jan 25 21:54:44 ubuntu : PHP 1. {main}() /opt/bitnami/apps/myapp/public/index.php:0
Jan 25 21:54:44 ubuntu : PHP 2. Zend\Mvc\Application::init($configuration = uninitialized) /opt/bitnami/apps/myapp/public/index.php:40
Jan 25 21:54:44 ubuntu : PHP 3. Zend\Mvc\Application->bootstrap($listeners = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-mvc/src/Application.php:273
Jan 25 21:54:44 ubuntu : PHP 4. Zend\EventManager\EventManager->triggerEvent($event = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-mvc/src/Application.php:161
Jan 25 21:54:44 ubuntu : PHP 5. Zend\EventManager\EventManager->triggerListeners($event = uninitialized, $callback = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-eventmanager/src/EventManager.php:171
Jan 25 21:54:44 ubuntu : PHP 6. Application\Module->onBootstrap($event = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-eventmanager/src/EventManager.php:322
Jan 25 21:54:44 ubuntu : PHP 7. Application\Module->initTranslator($event = uninitialized) /opt/bitnami/apps/myapp/module/Application/src/Module.php:38
Jan 25 21:54:44 ubuntu : PHP 8. Zend\ServiceManager\ServiceManager->get($name = uninitialized) /opt/bitnami/apps/myapp/module/Application/src/Module.php:49
Jan 25 21:54:44 ubuntu : PHP 9. Zend\ServiceManager\ServiceManager->doCreate($resolvedName = uninitialized, $options = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-servicemanager/src/ServiceManager.php:200
Jan 25 21:54:44 ubuntu : PHP 10. Zend\Session\Service\ContainerAbstractServiceFactory->__invoke($container = uninitialized, $requestedName = uninitialized, $options = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-servicemanager/src/ServiceManager.php:758
Jan 25 21:54:44 ubuntu : PHP 11. Zend\Session\AbstractContainer->__construct($name = uninitialized, $manager = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/Service/ContainerAbstractServiceFactory.php:101
Jan 25 21:54:44 ubuntu : PHP 12. Zend\Session\SessionManager->start($preserveStorage = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/AbstractContainer.php:78
Jan 25 21:54:44 ubuntu : PHP 13. session_start() /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/SessionManager.php:131
Jan 25 21:54:44 ubuntu : PHP Warning: session_start(): Failed to decode session object. Session has been destroyed in /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/SessionManager.php on line 131
Jan 25 21:54:44 ubuntu : PHP Stack trace:
Jan 25 21:54:44 ubuntu : PHP 1. {main}() /opt/bitnami/apps/myapp/public/index.php:0
Jan 25 21:54:44 ubuntu : PHP 2. Zend\Mvc\Application::init($configuration = uninitialized) /opt/bitnami/apps/myapp/public/index.php:40
Jan 25 21:54:44 ubuntu : PHP 3. Zend\Mvc\Application->bootstrap($listeners = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-mvc/src/Application.php:273
Jan 25 21:54:44 ubuntu : PHP 4. Zend\EventManager\EventManager->triggerEvent($event = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-mvc/src/Application.php:161
Jan 25 21:54:44 ubuntu : PHP 5. Zend\EventManager\EventManager->triggerListeners($event = uninitialized, $callback = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-eventmanager/src/EventManager.php:171
Jan 25 21:54:44 ubuntu : PHP 6. Application\Module->onBootstrap($event = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-eventmanager/src/EventManager.php:322
Jan 25 21:54:44 ubuntu : PHP 7. Application\Module->initTranslator($event = uninitialized) /opt/bitnami/apps/myapp/module/Application/src/Module.php:38
Jan 25 21:54:44 ubuntu : PHP 8. Zend\ServiceManager\ServiceManager->get($name = uninitialized) /opt/bitnami/apps/myapp/module/Application/src/Module.php:49
Jan 25 21:54:44 ubuntu : PHP 9. Zend\ServiceManager\ServiceManager->doCreate($resolvedName = uninitialized, $options = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-servicemanager/src/ServiceManager.php:200
Jan 25 21:54:44 ubuntu : PHP 10. Zend\Session\Service\ContainerAbstractServiceFactory->__invoke($container = uninitialized, $requestedName = uninitialized, $options = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-servicemanager/src/ServiceManager.php:758
Jan 25 21:54:44 ubuntu : PHP 11. Zend\Session\AbstractContainer->__construct($name = uninitialized, $manager = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/Service/ContainerAbstractServiceFactory.php:101
Jan 25 21:54:44 ubuntu : PHP 12. Zend\Session\SessionManager->start($preserveStorage = uninitialized) /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/AbstractContainer.php:78
Jan 25 21:54:44 ubuntu : PHP 13. session_start() /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/SessionManager.php:131
Jan 25 21:54:44 ubuntu : PHP Fatal error: Uncaught Zend\Session\Exception\RuntimeException: Container cannot write to storage due to type mismatch in /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/AbstractContainer.php:202#012Stack trace:#12#0 /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/AbstractContainer.php(404): Zend\Session\AbstractContainer->verifyNamespace(false)#12#1 /opt/bitnami/apps/myapp/module/Application/src/Module.php(52): Zend\Session\AbstractContainer->offsetExists('abc')#12#2 /opt/bitnami/apps/myapp/vendor/zendframework/zend-eventmanager/src/EventManager.php(322): Application\Module->onBootstrap(Object(Zend\Mvc\MvcEvent))#12#3 /opt/bitnami/apps/myapp/vendor/zendframework/zend-eventmanager/src/EventManager.php(171): Zend\EventManager\EventManager->triggerListeners(Object(Zend\Mvc\MvcEvent))#12#4 /opt/bitnami/apps/myapp/vendor/zendframework/zend-mvc/src/Applicat in /opt/bitnami/apps/myapp/vendor/zendframework/zend-session/src/AbstractContainer.php on line 202

[razonklnbd]

any progress of this issue? i face it at 2.4.9 here. i found related PHP bug reported at https://bugs.php.net/bug.php?id=68099 my opinion: not direct relation with session or upload progress instead system can't un-serialize data anyhow [Zend/Stdlib/ArrayObject].

[delboy1978uk]

If it helps anyone, I came across this this morning, and discovered that someone had set

ini_set('unserialize_callback_func','__unserialize_callback_func');

The actual function defined just error_logged the class name. But when I commented out the ini_set, the session started fine.

[weierophinney]

This repository has been closed and moved to laminas/laminas-progressbar; a new issue has been opened at laminas/laminas-progressbar#3.