[4.0] Installer doesn't work when installation is on a symlink

[laoneo]

The session can't store it's data into the folder /home/vagrant/Projects/joomla-cms/installation/sessions despite the permissions is 777 from /var down to joomla-cms and also from /home down to joomla-cms on every folder.

I'm using the Joomlatools vagrant box for development. There I have the the core files in the folder /home/vagrant/Projects/joomla-cms. To have it accessible from within a web server I'v created a symlink from /var/www/cms to /home/vagrant/Projects/joomla-cms. The Joomla 4 installer is now not moving to the next page and I see on the bottom the following warning:

Warning: session_write_close(): Failed to write session data (user). Please verify that the current setting of session.save_path is correct (/home/vagrant/Projects/joomla-cms/installation/sessions) in /home/vagrant/Projects/joomla-cms/libraries/vendor/joomla/session/src/Storage/NativeStorage.php on line 108

When I set the path in the session provider to /tmp then it works.

Steps to reproduce the issue

• Install vagrant
• On your host do vagrant init joomlatools/box
• Then vagrant up
• Log in to the machine like ssh vagrant@33.33.33.58
• Go to the folder /home/vagrant/Projects/
• git clone https://github.com/joomla/joomla-cms.git or use your fork url
• git checkout 4.0-dev
• ln -s /home/vagrant/Projects/joomla-cms /var/www/cms
• Open the browser with the url 33.33.33.58/cms

Expected result

No error message and the installer should jump to the second page when I fill all the data and click next.

Actual result

The installer stays on the first page.

System information (as much as possible)

$ php -i
phpinfo()
PHP Version => 7.0.11

System => Linux joomlatools 4.2.0-27-generic #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 x86_64
Build Date => Oct 4 2016 13:45:41
Configure Command => './configure' '--enable-calendar' '--enable-cli' '--enable-exif' '--enable-ftp' '--enable-intl' '--enable-mbstring' '--enable-soap' '--enable-sockets' '--enable-zip' '--prefix=/opt/php/php-7.0.11' '--with-apxs2=/usr/bin/apxs2' '--with-bz2' '--with-config-file-scan-dir=/opt/php/php-7.0.11/etc/conf.d/' '--with-gd' '--with-jpeg-dir' '--with-png-dir' '--enable-gd-native-ttf' '--with-freetype-dir' '--with-iconv' '--with-libdir=lib/x86_64-linux-gnu' '--with-mcrypt' '--with-pcre-regex' '--with-readline' '--with-xmlrpc' '--with-zlib' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-mysql-sock=/var/run/mysqld/mysqld.sock' '--with-libxml-dir=/opt/libxml2-2.7.8' '--with-xsl=/opt/libxslt-1.1.26' '--with-openssl=/opt/openssl-1.0.2g' '--with-curl' '--enable-opcache'
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /opt/php/php-7.0.11/lib
Loaded Configuration File => /opt/php/php-7.0.11/lib/php.ini
Scan this dir for additional .ini files => /opt/php/php-7.0.11/etc/conf.d/
Additional .ini files parsed => /opt/php/php-7.0.11/etc/conf.d/99-custom.ini,
/opt/php/php-7.0.11/etc/conf.d/mysql.ini

PHP API => 20151012
PHP Extension => 20151012
Zend Extension => 320151012
Zend Extension Build => API320151012,NTS
PHP Extension Build => API20151012,NTS
Debug Build => no
Thread Safety => disabled
Zend Signal Handling => disabled
Zend Memory Manager => enabled
Zend Multibyte Support => provided by mbstring
IPv6 Support => enabled
DTrace Support => disabled

Registered PHP Streams => https, ftps, compress.zlib, compress.bzip2, php, file, glob, data, http, ftp, phar, zip
Registered Stream Socket Transports => tcp, udp, unix, udg, ssl, sslv3, tls, tlsv1.0, tlsv1.1, tlsv1.2
Registered Stream Filters => zlib., bzip2., convert.iconv., mcrypt., mdecrypt., string.rot13, string.toupper, string.tolower, string.strip_tags, convert., consumed, dechunk

This program makes use of the Zend Scripting Language Engine:
Zend Engine v3.0.0, Copyright (c) 1998-2016 Zend Technologies

PHP Version => 7.0.11

Directive => Local Value => Master Value
allow_url_fopen => On => On
allow_url_include => Off => Off
arg_separator.input => & => &
arg_separator.output => & => &
auto_append_file => no value => no value
auto_globals_jit => On => On
auto_prepend_file => no value => no value
browscap => no value => no value
default_charset => UTF-8 => UTF-8
default_mimetype => text/html => text/html
disable_classes => no value => no value
disable_functions => no value => no value
display_errors => STDOUT => STDOUT
display_startup_errors => On => On
doc_root => no value => no value
docref_ext => no value => no value
docref_root => no value => no value
enable_dl => Off => Off
enable_post_data_reading => On => On
error_append_string => no value => no value
error_log => no value => no value
error_prepend_string => no value => no value
error_reporting => 32759 => 32759
exit_on_timeout => Off => Off
expose_php => On => On
extension_dir => /opt/php/php-7.0.11/lib/php/extensions/no-debug-non-zts-20151012/ => /opt/php/php-7.0.11/lib/php/extensions/no-debug-non-zts-20151012/
file_uploads => On => On
highlight.comment => #FF8000 => #FF8000
highlight.default => #0000BB => #0000BB
highlight.html => #000000 => #000000
highlight.keyword => #7700 => #7700
highlight.string => #DD0000 => #DD0000
html_errors => Off => Off
ignore_repeated_errors => Off => Off
ignore_repeated_source => Off => Off
ignore_user_abort => Off => Off
implicit_flush => On => On
include_path => .:/opt/php/php-7.0.11/lib/php => .:/opt/php/php-7.0.11/lib/php
input_encoding => no value => no value
internal_encoding => no value => no value
log_errors => On => On
log_errors_max_len => 1024 => 1024
mail.add_x_header => On => On
mail.force_extra_parameters => no value => no value
mail.log => no value => no value
max_execution_time => 0 => 0
max_file_uploads => 20 => 20
max_input_nesting_level => 64 => 64
max_input_time => -1 => -1
max_input_vars => 1000 => 1000
memory_limit => 2048M => 2048M
open_basedir => no value => no value
output_buffering => 0 => 0
output_encoding => no value => no value
output_handler => no value => no value
post_max_size => 256M => 256M
precision => 14 => 14
realpath_cache_size => 16K => 16K
realpath_cache_ttl => 120 => 120
register_argc_argv => On => On
report_memleaks => On => On
report_zend_debug => Off => Off
request_order => GP => GP
sendmail_from => no value => no value
sendmail_path => /home/vagrant/.rvm/gems/ruby-2.2.1/bin/catchmail -fnoreply@example.com => /home/vagrant/.rvm/gems/ruby-2.2.1/bin/catchmail -fnoreply@example.com
serialize_precision => 17 => 17
short_open_tag => Off => Off
SMTP => localhost => localhost
smtp_port => 25 => 25
sql.safe_mode => Off => Off
sys_temp_dir => no value => no value
track_errors => On => On
unserialize_callback_func => no value => no value
upload_max_filesize => 256M => 256M
upload_tmp_dir => no value => no value
user_dir => no value => no value
user_ini.cache_ttl => 300 => 300
user_ini.filename => .user.ini => .user.ini
variables_order => GPCS => GPCS
xmlrpc_error_number => 0 => 0
xmlrpc_errors => Off => Off
zend.assertions => 1 => 1
zend.detect_unicode => On => On
zend.enable_gc => On => On
zend.multibyte => Off => Off
zend.script_encoding => no value => no value

session

Session Support => enabled
Registered save handlers => files user
Registered serializer handlers => php_serialize php php_binary

Directive => Local Value => Master Value
session.auto_start => Off => Off
session.cache_expire => 180 => 180
session.cache_limiter => nocache => nocache
session.cookie_domain => no value => no value
session.cookie_httponly => Off => Off
session.cookie_lifetime => 0 => 0
session.cookie_path => / => /
session.cookie_secure => Off => Off
session.entropy_file => /dev/urandom => /dev/urandom
session.entropy_length => 32 => 32
session.gc_divisor => 1000 => 1000
session.gc_maxlifetime => 1440 => 1440
session.gc_probability => 1 => 1
session.hash_bits_per_character => 5 => 5
session.hash_function => 0 => 0
session.lazy_write => On => On
session.name => PHPSESSID => PHPSESSID
session.referer_check => no value => no value
session.save_handler => files => files
session.save_path => no value => no value
session.serialize_handler => php => php
session.upload_progress.cleanup => On => On
session.upload_progress.enabled => On => On
session.upload_progress.freq => 1% => 1%
session.upload_progress.min_freq => 1 => 1
session.upload_progress.name => PHP_SESSION_UPLOAD_PROGRESS => PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix => upload_progress_ => upload_progress_
session.use_cookies => On => On
session.use_only_cookies => On => On
session.use_strict_mode => Off => Off
session.use_trans_sid => 0 => 0

[Fedik]

I guess a symlinks not allowed in the session path for a security reason
https://bugs.php.net/bug.php?id=37273

Maybe can use existing one? with small modification (if they need to be separated):

$sessionPath = ini_get('session.save_path') . '/joomla_installation';
$handler = new FilesystemHandler($sessionPath);

or system /tmp $sessionPath = sys_get_temp_dir() . '/joomla_installation';

[dgrammatiko]

One remark: we should remove that folder on the end of the process, for good housekeeping

[laoneo]

Good catch @Fedik. If the pr #16918 get accepted we don't have to deal with that at all as we rely then on the session path configured by the environment.

[mbabker]

So here's the thing about the current setup. The install app should be "buffered" from as many potential server related issues as possible. Part of that includes not being 100% reliant on PHP being configured to handle filesystem related sessions especially as once you get into the real application we default to the database.

All the referenced PR does with regards to the session stuff is remove the overridden session configuration for the install app and uses the global provider (which is not written with support for the install app at all), which basically relies on the filesystem session handler being able to extract a writable filesystem path from the PHP configuration. As much as Allon has pushed for that PR, it is not a magic fix to this issue.

IMO a better fix is to keep the install app provider and add additional logic for this specific issue (if install path is a symlink then try to fallback to reasonable settings, which could include attempting to use the system defaults).

Also take this into consideration. We don't clean up session files written by the install app ever, if you're lucky PHP's garbage collection will clean these up. But if you do a lot of local installs, check your system temp directory and see how many session files you have from the install app. So the current logic of a local sessions directory follows that whole "good housekeeping" comment.

[joomla-cms-bot]

Set to "closed" on behalf of @franz-wohlkoenig by The JTracker Application at issues.joomla.org/joomla-cms/14956

[ghost]

closed as having Pull Request #18896