[ZBX-19938] PHP session cookie Created: 2021 Sep 09  Updated: 2024 Apr 10  Resolved: 2023 Oct 26

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: API (A), Frontend (F)
Affects Version/s: 5.4.4
Fix Version/s: 7.0 (plan)

Type: Problem report Priority: Critical
Reporter: Sergey Kolesnik Assignee: Dmitrijs Fofanovs
Resolution: Won't fix Votes: 3
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Ubuntu 18.04.5
PHP 7.4.23
Nginx 1.21.3

Issue Links:
Causes
Team: Team A
Sprint: Sprint 87 (Apr 2022), Sprint 88 (May 2022), Roadmap Backlog, Sprint 89 (Jun 2022)
Story Points: 1

 Description   

Steps to reproduce:

  1. navigate to http://zabbix
  2. enter creds and login

Result:

Still not authenticated. Following data in nginx log:

2021/09/09 18:22:30 [error] 201650#201650: *1176 FastCGI sent in stderr: "PHP message: PHP Fatal error: Uncaught Exception: Headers already sent. in /var/www/html/include/classes/helpers/CCookieHelper.php:68
Stack trace:
#0 /var/www/html/include/classes/core/CCookieSession.php(126): CCookieHelper::set()
#1 [internal function]: CCookieSession->write()
#2 {main}
thrown in /var/www/html/include/classes/helpers/CCookieHelper.php on line 68PHP message: PHP Warning: Unknown: Cannot call session save handler in a recursive manner in Unknown on line 0" while reading upstream, client: 10.151.160.44, server: zabbix.meridian.local, request: "POST / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php7.4-fpm.sock:", host: "zabbix"

Expected:
Successfull login

 Comments   
Comment by Sergey Kolesnik [ 2021 Sep 09 ] 
# cat /etc/php/7.4/fpm/php.ini | grep -v ';' | grep -v -e '^$'
[PHP]
engine = On
short_open_tag = On
precision = 14
output_buffering = 4096
zlib.output_compression = On
implicit_flush = Off
unserialize_callback_func =
serialize_precision = -1
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
disable_classes =
zend.enable_gc = On
zend.exception_ignore_args = On
expose_php = Off
max_execution_time = 600
max_input_time = 600
memory_limit = 256M
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
display_startup_errors = Off
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
report_memleaks = On
variables_order = "GPCS"
request_order = "GP"
register_argc_argv = Off
auto_globals_jit = On
post_max_size = 32M
auto_prepend_file =
auto_append_file =
default_mimetype = "text/html"
default_charset = "UTF-8"
doc_root =
user_dir =
enable_dl = Off
file_uploads = On
upload_max_filesize = 4M
max_file_uploads = 20
allow_url_fopen = On
allow_url_include = Off
default_socket_timeout = 60
[CLI Server]
cli_server.color = On
[Date]
date.timezone = Europe/London
[filter]
[iconv]
[imap]
[intl]
[sqlite3]
[Pcre]
[Pdo]
[Pdo_mysql]
pdo_mysql.default_socket=
[Phar]
[mail function]
SMTP = localhost
smtp_port = 25
mail.add_x_header = Off
[ODBC]
odbc.allow_persistent = On
odbc.check_persistent = On
odbc.max_persistent = -1
odbc.max_links = -1
odbc.defaultlrl = 4096
odbc.defaultbinmode = 1
[MySQLi]
mysqli.max_persistent = -1
mysqli.allow_persistent = On
mysqli.max_links = -1
mysqli.default_port = 3306
mysqli.default_socket =
mysqli.default_host =
mysqli.default_user =
mysqli.default_pw =
mysqli.reconnect = Off
[mysqlnd]
mysqlnd.collect_statistics = On
mysqlnd.collect_memory_statistics = Off
[OCI8]
[PostgreSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
[bcmath]
bcmath.scale = 0
[browscap]
[Session]
session.save_handler = files
session.use_strict_mode = 0
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.cookie_httponly =
session.cookie_samesite =
session.serialize_handler = php
session.gc_probability = 0
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.referer_check =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.sid_length = 26
session.trans_sid_tags = "a=href,area=href,frame=src,form="
session.sid_bits_per_character = 5
[Assertion]
zend.assertions = -1
[COM]
[mbstring]
[gd]
[exif]
[Tidy]
tidy.clean_output = Off
[soap]
soap.wsdl_cache_enabled=1
soap.wsdl_cache_dir="/tmp"
soap.wsdl_cache_ttl=86400
soap.wsdl_cache_limit = 5
[sysvshm]
[ldap]
ldap.max_links = -1
[dba]
[opcache]
[curl]
[openssl]
[ffi]

# cat /etc/php/7.4/fpm/conf.d/*.ini | grep -v ';' | grep -v -e '^$'
extension=mysqlnd.so
zend_extension=opcache.so
extension=pdo.so
extension=xml.so
extension=bcmath.so
extension=calendar.so
extension=ctype.so
extension=curl.so
extension=dom.so
extension=exif.so
extension=ffi.so
extension=fileinfo.so
extension=ftp.so
extension=gd.so
extension=gettext.so
extension=gmp.so
extension=iconv.so
extension=json.so
extension=ldap.so
extension=mbstring.so
extension=mysqli.so
extension=pdo_mysql.so
extension=phar.so
extension=posix.so
extension=readline.so
extension=shmop.so
extension=simplexml.so
extension=sockets.so
extension=sysvmsg.so
extension=sysvsem.so
extension=sysvshm.so
extension=tokenizer.so
extension=xmlreader.so
extension=xmlrpc.so
extension=xmlwriter.so
extension=xsl.so
extension=zip.so

server {
        listen 80;
        server_name zabbix;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        client_max_body_size 20M;        location / {
                try_files $uri $uri/ =404;
        }        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }        location ~ /utils {
                autoindex on;
        }        location ~ /\.ht {
                deny all;
        }
}
Comment by Sergey Kolesnik [ 2021 Sep 09 ]

details and potential fix is available here: https://www.zabbix.com/forum/zabbix-troubleshooting-and-problems/414529-zabbix-5-x-after-upgrade-login-to-frontend-is-always-guest

Comment by banan [ 2021 Dec 08 ]

hello,
i have same problem, can`t login for about half of the year, probably from version 5.4

OS Gentoo
apache-2.4.51
php-7.4.25 (fpm, fast cgi)
zabbix-5.4.8

browser: edge 96, firefox 95

[Wed
Dec 08 15:56:36.209629 2021] [proxy_fcgi:error] [pid 69562:tid
131585894499904] [client ] AH01071: Got error 'PHP message: PHP Fatal
error: Uncaught Exception: Headers already sent. in
/var/www/localhost/htdocs/zabbix/include/classes/helpers/CCookieHelper.php:68\nStack
trace:\n#0
/var/www/localhost/htdocs/zabbix/include/classes/core/CCookieSession.php(126):
CCookieHelper::set()\n#1 [internal function]:
CCookieSession->write()\n#2

{main}

\n thrown in
/var/www/localhost/htdocs/zabbix/include/classes/helpers/CCookieHelper.php
on line 68PHP message: PHP Warning: Unknown: Cannot call session save
handler in a recursive manner in Unknown on line 0', referer:
https://zabbix/zabbix/index.php

curl is working, can login.
curl --cookie "zbx_session=..." -v https://zabbix/zabbix/zabbix.php?action=dashboard.view

session_key in config table is set. tried reset.
autologin 0, or 1. http_login_form 0, or 1...

Comment by Dmitrijs Fofanovs [ 2023 Oct 24 ]

The problem is not with the code. If the user has problems with login, first of all complete these steps:

  • Clear opcache or try to disable it in PHP config. Don't forget to enable it back after successfully login in.
  • Cleaning up session table in the DB could help, don't forget to backup the DB before that. 
  • Don't forget to clean up browser cache and cookies.
  • ZBX-16985 Check your Apache or Nginx cookie settings.
Generated at Wed May 07 05:38:13 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.