WordPress Authentication: DaDaBIK session is lost when a WP page is loaded

[nickmomrik]

After setting up the auth via WordPress I was getting these errors:

PHP Warning:  session_name(): Cannot change session name when headers already sent in ...
PHP Warning:  ini_set(): Headers already sent. You cannot change the session module's ini settings at this time in ...
PHP Warning:  session_set_cookie_params(): Cannot change session cookie parameters when headers already sent ...
PHP Warning:  session_start(): Cannot start session when headers already sent in ...

I also kept getting logged out of DaDaBIK.
By adding

if ( defined( 'DOING_CRON' ) && DOING_CRON ) {
    return;
}

to the top of

set_user_session()

the problems seem to be resolved (so far).

Hadn't been able to determine if using the P2 theme, which does a lot of background AJAX polling, has been part of the problem yet. The reason I think it might be part of the issue is because I was also getting the PHP warnings on some of the

wp-admin/admin-ajax.php

loads.

WordPress: 6.3
DaDaBIK: 11.10-Elba enterprise
PHP Version: 7.4.33
mysql version: 5.7.42-0ubuntu0.18.04.1
Web server: Apache/2.4.57 (Ubuntu)
Client: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36

By the way, I noticed in all of the documentation and code that the p in WordPress isn't properly capitalized. ;-)

 

[nickmomrik]

Actually right after posting this, I was logged out of DaDaBIK, so that part of the problem is still happening.

 

[nickmomrik]

After more testing, I can reliably reproduce the logouts, which seem to only be affecting the App's Admin Area.

1. Have a DaDaBIK app open
2. Refresh a URL on the WordPress site in another browser tab
3. Switch back to the app
4. Click on Edit This App
5. I get the DaDaBIK login form

I however can load the app again and still access it, even the users and groups there. Refresh a WordPress URL again and then the Admin Area works again.

 

[eugenio]

Hello Nick,
thanks for the detailed report, I will look into that. I moved the discussion to the support forum and edited the title; a support forum thread is moved by admins to the bugs forum only when the bug has been verified. Please edit your original post adding info about DaDaBIK and WP versions (check https://dadabik.com/forum/index.php?forums/support-forum.1/post-thread for instructions).

About WP capitalization, you are right, that needs to be fixed

Best,

 

[nickmomrik]

Please edit your original post adding info about DaDaBIK and WP versions

Done!

 

[eugenio]

Done!

The DaDaBIK version is missing.

 

[nickmomrik]

Oh yeah, I noticed that quickly after copying and pasting and added it.

 

[eugenio]

Hello,
are you sure WP is installed in a subdirectory of the DaDaBIK's directory as required?
I have tried to replicate this issue but I can only do it if WP is not in a DaDaBIK's subdir.

 

[nickmomrik]

are you sure WP is installed in a subdirectory of the DaDaBIK's directory as required?

It is not, and the manual says it needs to be the opposite way...

The Wordpress authentication feature requires that the DaDaBIK application is installed in a subdirectory of the Wordpress site (same domain) and that the same users (same username) is available both in Wordpress and DaDaBIK.

I just loaded up the video from the manual and it shows DaDaBIK being installed inside the WordPress folder as well. Is the manual wrong?

 

[eugenio]

Hello,
sorry I actually meant DaDaBIK in a subdir of WP, the manual is correct.

After additional tests, I confirm the issue, which is more complex than expected: loading a WP page destroys the DaDaBIK's current session; this means not only the login status but other info you may have in session e.g. the fact that you sorted a table by a particular field.

In most of the cases you don't realize this because every time you load a DaDaBIK page (but only the front-end, not the admin area, as you have noticed), DaDaBIK sees the WP user logged and re-logs them in DaDaBIK as well, but the other session info are lost.

I will move this thread in the bugs forum, not sure if there is an easy solution but at least the documentation will be updated.

Thanks again for reporting this.

Best,

 

[nickmomrik]

Is there any update on this?

 

[eugenio]

No, still an open issue.