Hi @seisense,

Looks like the session isn’t being destroyed as it should be when IP address changes. Just to double-check - are you using PHP 7.1 version or 7.4?

I am using PHP version 7.4.
is this something i need to further invetigate or its fine (just turning session_check_ip=on is fine)
Thanks

It sounds like a bug but I’m unable to reproduce it and this is the first such report.

I found a comment in explanation of PHP’s function that destroys the session, when it may fail: php-src/mod_files.c at 46625358d40c1865f34e0e549e1f5b7e6767dd77 · php/php-src · GitHub

If you have additional data on this - let me know but it can be tricky to debug.

I thought turning the session_check_ip=on has solved the php fatal error but it appeared once again:

[24-Feb-2021 19:20:54 America/New_York] PHP Fatal error:  Uncaught PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'b8ef3340ff8ad4909f214305b6ba8f66' for key 'sessions_pkey' in /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:115
Stack trace:
#0 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php(115): PDOStatement->execute(NULL)
#1 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php(489): Doctrine\DBAL\Driver\PDOStatement->execute()
#2 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php(664): Illuminate\Database\Connection->Illuminate\Database\{closure}('INSERT INTO ses...', Array)
#3 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php(631): Illuminate\Database\Connection->runQueryCallback('INSERT INTO ses...', Array, Object(Closure)) in /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php on line 671

So, it is still there, please share your expertise on how to solve this fatal error.
OJS: 3.3.0.3
PHP: 7.4.14

Thanks

This error message seems truncated. Can you post the whole stack trace?
What are the steps to reproduce the error? Can you describe it in more details? e.g., does it occur under specific circumstances or randomly…

This is the completely random behavior and have no idea so far what is causing this error. I saw this error the first time on 20th feb and then yesterday 24th of feb.
I have cleared my php error log and I ll see if this happen again then I ll copy the complete stack trace (although I believe this was the complete stack trace and nothing after this line related to this error).

Hi,
After the gap of three days once again this error poped up. Below the complete php error log:

[28-Feb-2021 02:05:04 America/New_York] ojs2: 404 Not Found
[28-Feb-2021 04:44:48 America/New_York] PHP Fatal error:  Uncaught PDOException: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'e96d0f5af6f2ebdcdd881c83c1672e96' for key 'sessions_pkey' in /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:115
Stack trace:
#0 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php(115): PDOStatement->execute(NULL)
#1 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php(489): Doctrine\DBAL\Driver\PDOStatement->execute()
#2 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php(664): Illuminate\Database\Connection->Illuminate\Database\{closure}('INSERT INTO ses...', Array)
#3 /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php(631): Illuminate\Database\Connection->runQueryCallback('INSERT INTO ses...', Array, Object(Closure)) in /home/seisense/journal.seisense.com/lib/pkp/lib/vendor/laravel/framework/src/Illuminate/Database/Connection.php on line 671
[28-Feb-2021 04:45:36 America/New_York] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[28-Feb-2021 04:47:01 America/New_York] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76

Thanks

Is there anything suspicious in the server access log during those 2 times and in other cases when session_destroy() has failed? Is the user agent or IP identical for all the cases? Does it look like a bot?

I don’t know exactly where to look at for server logs but in the sessions table, I noticed a total of 1066 entries (see the screenshot below)

and I searched the duplicate entry which appeared in PHP fatal error and found the following in the session table:

then another duplicate entry

Does this make any sense or if you suggest me to look at somewhere else to find the issue?
Thanks

Hi @seisense,

I meant something like apache access log but finding those in the session table is also a solution. I don’t see anything special there, those look like real users, that aren’t logged in (user_id isn’t assigned).
I guess for those users it leads to an inability to load the page.
Did the error message appear for the first time only in OJS 3.3.0?

This doesn’t narrow the problem, not sure how to find the cause without reproducibility. According to the session_destroy function implementation, the session can’t be destroyed if the data regarding it is missing from the disk or the path is wrong. I would doubt that it’s OJS issue but will keep an eye on it.

I’ve explored the logs of a production OJS instance v 3.2.1 that uses apache+nginx as a server. I found several similar records ~ 20 for 1 month period. Half of them were caused by a bot, at least according to a log record. The other half of cases don’t have bot identification but also have bot traits - several server records from the same IP with an interval of less than a second.

But I never had this fatal error and session destroy errors before my update to OJS 3.3.0.3. If it is a bot causing error, is there any solution to it or steps we can take to solve this problem?
Thanks

Hi all,

@seisense, I wonder if PHP is generating/using session ID lengths that are longer than the sessions.session_id database column. Normally that should be 128 characters available in the column, and a normal PHP session ID should be shorter than that. Do you see anything unusual in that regard?

Regards,
Alec Smecher
Public Knowledge Project Team

Hi,
I did the anlaysis on session table and found the following:
Total entries: 1170
Charachters in session.session_id are: 32 in each session id

There are a few ips which I found the most common in the table are as below:

The most hits are coming from the this IP 216.244.66.239.

Thanks and looking forward to narrow it down further with your help.

Hi @seisense,

Are you ever able to reproduce this error when browsing the system, or is it only showing up for e.g. bots in the log file?

(One thing to try: see if disabling zlib.output_compression in your php.ini resolves the messages.)

Regards,
Alec Smecher
Public Knowledge Project Team

Hi,
I have disabled the zlib.output_compression (PHP 7.4.16 - phpinfo()) yet in the last four hours php error log has produced this warning (see below).

[18-Mar-2021 08:07:56 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:11:51 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 08:22:37 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:37:15 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:39:46 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:39:46 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:40:00 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:43:20 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 08:43:40 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 08:50:07 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 08:52:24 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 09:22:47 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 09:25:43 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 09:33:47 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 09:44:47 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 09:50:36 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 09:51:22 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 09:54:20 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:04:47 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:06:33 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:07:09 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:07:42 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:08:22 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:26:28 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 11:53:56 Asia/Riyadh] ojs2: 404 Not Found
[18-Mar-2021 12:27:53 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 12:27:53 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 12:30:51 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76
[18-Mar-2021 12:40:53 Asia/Riyadh] PHP Warning:  session_destroy(): Session object destruction failed in /home/seisense/journal.seisense.com/lib/pkp/classes/session/SessionManager.inc.php on line 76

Thanks

Hi @seisense,

I am still struggling to see how the session management code, which has been stable and gone essentially unchanged for years, is behaving so differently on your system.

One thing to try: in lib/pkp/classes/session/SessionManager.inc.php, edit:

function destroy($sessionId) {
    return (boolean) $this->sessionDao->deleteById($sessionId);
}

Change this to:

function destroy($sessionId) {
    $this->sessionDao->deleteById($sessionId);
    return true;
}

I am speculating here but it would be interesting to know if it resolves the warnings.

Regards,
Alec Smecher
Public Knowledge Project Team

Hi @asmecher ,
This change in code has solved the problem.
Thanks

Hi @seisense,

Great, thanks for the confirmation. I’ve filed this at Session destruction (and duplicate) warnings in the PHP error log · Issue #6871 · pkp/pkp-lib · GitHub and it’ll be released with the next version. As documented there, I’m still not 100% sure there isn’t something else going on, but I am satisfied that at least one issue is resolved.

Regards,
Alec Smecher
Public Knowledge Project Team