EndSession Error

imagineds, my apologies, that was a simple error on my part. I wasn’t checking that a session ID was still invoked prior to destroying it, and if another plugin had already destroyed said ID, well, that generates the error you’re seeing. I’m finishing up version 2.1.3 specifically to address this problem, and should have it uploaded shortly.

Super. Is “shortly” as in later today or sometime this week? And thank you for getting back to me so quickly. We use your plugin on quite a few websites.

“Shortly” as in, it’s already uploaded to www.ads-software.com. Just waiting for it to propogate, should be any minute now.

AMAZING! Looking forward to it. Thanks again for responding so fast! Incredible.

Hmm. Not quite resolved. I cleared cache and I am still getting the error. The error only shows up if I have iThemes Security Pro activated, which is a problem since it is my defacto security plugin. Tried this on multiple sites, same issue. I have also asked them for their assistance.

If you look toward the bottom of global-content-blocks.php in version 2.1.3 (the new version) you’ll find this:

function gcbEndSession() {
if(!session_id()) {
session_destroy ();
}
}

What I’d done by mistake in earlier versions was this:

function gcbEndSession() {
session_destroy ();
}

If this is causing an incompatibility with iThemes Security Pro I’ll be glad to make reasonable changes they recommend. We need to get this taken care of, I consider it a priority. Please keep me posted.

Hi Dave. I’m one of the developers for iThemes Security.

You are correct that the problem was related to the gcbEndSession() function, but the modification has a bug in it, preventing it from working as expected.

The function currently looks as follows:

function gcbEndSession() {
    if(!session_id()) {
        session_destroy ();
    }
}

However, it should be:

function gcbEndSession() {
    if(session_id()) {
        session_destroy ();
    }
}

In gcbStartSession(), using !session_id() is correct as you only want to run session_start() if there is not a current session. However, in gcbEndSession(), you want to check session_id() (without !) in order to ensure that you are only calling session_destroy() when there is a current session. With the current logic, it only attempts to destroy the current session when there is not a current session. This is the reason for the warning being triggered which in turn is preventing the redirect from working as expected.

Please let me know if you have any questions.

Chris Jean, many thanks for the assist. It always seems to be the simplest things that can trip one up …

imagineds version 2.1.4 should be available shortly with Chris Jean’s modification included. Again, my apologies.

With regards to the simplest things creating problems, I fully agree. I’ve been there many times before.

Thanks for the quick update.

Happy Thanksgiving everyone.

Thanks to you both. I have made the update to 2.1.4 on multiple sites and it has resolved the issue I was seeing. YAHOO!

imagineds thanks for getting Chris Jean involved, I only had one cup of coffee earlier today and never would have found that bug. Happy Thanksgiving.