M 2.4.3-p1 - TypeError in AdminSessionsManager.php:338 (strtotime() expects parameter 1 to be string, int given) #34415

Closed
1 of 5 tasks
simonmaass opened this issue Oct 24, 2021 · 23 comments · Fixed by #34514
Labels
Area: Framework Area: Security Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Issue: ready for confirmation Priority: P1 Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing. Progress: done Reported on 2.4.x Indicates original Magento version for the Issue report. Reported on 2.4.3-p1 Indicates original Magento version for the Issue report. Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Severity: S1 Affects critical data or functionality and forces users to employ a workaround.

Comments

@simonmaass

simonmaass commented Oct 24, 2021

Preconditions (*)

  1. Magento 2.4.3-p1

Steps to reproduce (*)

  1. When I try to login with SSO...

Expected result (*)

  1. Login works

Actual result (*)

TypeError: strtotime() expects parameter 1 to be string, int given
#28 /var/www/share/meevo.io/releases/66/vendor/magento/module-security/Model/AdminSessionsManager.php(338): strtotime

magento2/app/code/Magento/Security/Model/AdminSessionsManager.php

    private function lastProlongIsOldEnough()
    {
        $lastProlongTimestamp = strtotime($this->getCurrentSession()->getUpdatedAt());
        $nowTimestamp = $this->authSession->getUpdatedAt();

        $diff = $nowTimestamp - $lastProlongTimestamp;

        return (float) $diff > $this->getIntervalBetweenConsecutiveProlongs();
    }

In this file the line 2.4.3...2.4.3-p1#diff-24fbc4a93c8c25f9ee036f3bf353c3dfca22ee7ff35d0797b6d1c1d7dc012386R6

declare(strict_types=1);

$this->getCurrentSession()->getUpdatedAt() returns int as timestamp... for example 1635087142

Here is the complete trace

TypeError: strtotime() expects parameter 1 to be string, int given
#28 /vendor/magento/module-security/Model/AdminSessionsManager.php(338): strtotime
#27 /vendor/magento/module-security/Model/AdminSessionsManager.php(338): Magento\Security\Model\AdminSessionsManager::lastProlongIsOldEnough
#26 /vendor/magento/module-security/Model/AdminSessionsManager.php(137): Magento\Security\Model\AdminSessionsManager::processProlong
#25 /vendor/magento/module-security/Model/Plugin/AuthSession.php(85): Magento\Security\Model\Plugin\AuthSession::aroundProlong
#24 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Backend\Model\Auth\Session\Interceptor::Magento\Framework\Interception\{closure}
#23 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Backend\Model\Auth\Session\Interceptor::___callPlugins
#22 /Magento/Backend/Model/Auth/Session/Interceptor.php(23): Magento\Backend\Model\Auth\Session\Interceptor::prolong
#21 /vendor/magento/module-backend/App/Action/Plugin/Authentication.php(127): Magento\Backend\App\Action\Plugin\Authentication::aroundDispatch
#20 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Backend\Controller\Adminhtml\Auth\Login\Interceptor::Magento\Framework\Interception\{closure}
#19 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Backend\Controller\Adminhtml\Auth\Login\Interceptor::___callPlugins
#18 /Magento/Backend/Controller/Adminhtml/Auth/Login/Interceptor.php(32): Magento\Backend\Controller\Adminhtml\Auth\Login\Interceptor::dispatch
#17 /vendor/magento/framework/App/FrontController.php(245): Magento\Framework\App\FrontController::getActionResponse
#16 /vendor/magento/framework/App/FrontController.php(212): Magento\Framework\App\FrontController::processRequest
#15 /vendor/magento/framework/App/FrontController.php(147): Magento\Framework\App\FrontController::dispatch
#14 /vendor/magento/framework/Interception/Interceptor.php(58): Magento\Framework\App\FrontController\Interceptor::___callParent
#13 /vendor/magento/framework/Interception/Interceptor.php(138): Magento\Framework\App\FrontController\Interceptor::Magento\Framework\Interception\{closure}
#12 /src/Infortis/ext-magento2-cgen/src/Plugin/Magento/Framework/App/FrontController.php(32): Infortis\Cgen\Plugin\Magento\Framework\App\FrontController::aroundDispatch
#11 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Framework\App\FrontController\Interceptor::Magento\Framework\Interception\{closure}
#10 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Framework\App\FrontController\Interceptor::___callPlugins
#9 /Magento/Framework/App/FrontController/Interceptor.php(23): Magento\Framework\App\FrontController\Interceptor::dispatch
#8 /vendor/magento/framework/App/Http.php(116): Magento\Framework\App\Http::launch
#7 /vendor/magento/framework/Interception/Interceptor.php(58): Magento\Framework\App\Http\Interceptor::___callParent
#6 /vendor/magento/framework/Interception/Interceptor.php(138): Magento\Framework\App\Http\Interceptor::Magento\Framework\Interception\{closure}
#5 /vendor/justbetter/magento2-sentry/Plugin/GlobalExceptionCatcher.php(58): JustBetter\Sentry\Plugin\GlobalExceptionCatcher::aroundLaunch
#4 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Framework\App\Http\Interceptor::Magento\Framework\Interception\{closure}
#3 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Framework\App\Http\Interceptor::___callPlugins
#2 /Magento/Framework/App/Http/Interceptor.php(23): Magento\Framework\App\Http\Interceptor::launch
#1 /vendor/magento/framework/App/Bootstrap.php(264): Magento\Framework\App\Bootstrap::run
#0 /index.php(29): null


Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.

  • Severity: S0 - Affects critical data or functionality and leaves users without workaround.
  • Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
  • Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
  • Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
  • Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

@hostep
Contributor

hostep commented Oct 25, 2021

Possibly regression bug introduced by addition of declare(strict_types=1); in AC-522

@ihor-sviziev ihor-sviziev added the Severity: S1 Affects critical data or functionality and forces users to employ a workaround. label Oct 25, 2021
@ihor-sviziev
Contributor

@sidolov, please set priority to P1

@simonmaass
Author

In general adding the strict_types is a good thing... I guess it should rather be fixed that

$this->getCurrentSession()->getUpdatedAt()

isn't returning a string but rather a timestamp as int...

@ihor-sviziev ihor-sviziev added the Reported on 2.4.3-p1 Indicates original Magento version for the Issue report. label Oct 25, 2021
@simonmaass simonmaass changed the title Error in AdminSessionsManager in line 338 M 2.4.3-p1 - TypeError in AdminSessionsManager line 338 (strtotime() expects parameter 1 to be string, int given) Oct 25, 2021
@simonmaass simonmaass changed the title M 2.4.3-p1 - TypeError in AdminSessionsManager line 338 (strtotime() expects parameter 1 to be string, int given) M 2.4.3-p1 - TypeError in AdminSessionsManager.php:338 (strtotime() expects parameter 1 to be string, int given) Oct 25, 2021
@Ylmzef

Ylmzef commented Oct 27, 2021

I have the same issue.

@hostep
Contributor

hostep commented Oct 27, 2021

I accidentally ran into a very similar problem on Magento 2.3.7-p2 just now, while trying to login to the backoffice:

Uncaught TypeError: strtotime() expects parameter 1 to be string, null given in vendor/magento/module-security/Model/AdminSessionInfo.php on line 136

Trying to login from an incognito browser does work without issues.

This seems to have been caused by the same commit mentioned above where another declare(strict_types=1); got added for no good reason.

@kanhaiya5590
Contributor

kanhaiya5590 commented Nov 2, 2021

A very similar problem/issue was found in Magento v2.4.3-p1, or one can say the same issue that @hostep found in Magento v2.3.7-p2

main.CRITICAL: TypeError: strtotime() expects parameter 1 to be string, null given in /home/web/magento/vendor/magento/module-security/Model/AdminSessionInfo.php:136

This does not allow access to the admin panel, and in PRODUCTION mode I am getting: An error has happened during application run. See exception log for details.

For quick fix, created patch - https://github.com/kanhaiya5590/CRITICAL-TypeError-strtotime-expects-parameter-1-to-be-string-null-given..AdminSessionInfo.php-136

Direct patch access :
https://github.com/kanhaiya5590/CRITICAL-TypeError-strtotime-expects-parameter-1-to-be-string-null-given..AdminSessionInfo.php-136/blob/main/issue-243p1-AdminSessionsManager.patch
https://github.com/kanhaiya5590/CRITICAL-TypeError-strtotime-expects-parameter-1-to-be-string-null-given..AdminSessionInfo.php-136/blob/main/issue-243p1-AdminSessionInfo.patch

It serves my purpose, but if Magento provides the best fix that will be great.

@simonmaass
Author

@kanhaiya5590 I don't think your patch fixes this error in total in AdminSessionsManager...

As far as I can see $this->getCurrentSession()->getUpdatedAt() returns an int if not null..
TypeError: strtotime() expects parameter 1 to be string, int given
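
An added illustration of the two failure modes reported in this thread (int given, null given), not code from the thread, from PR #34514 or from Magento: under `declare(strict_types=1)` the stored value has to be normalised before `strtotime()` sees it. The function names and the choice to treat a missing timestamp as "old enough" are assumptions made for the example.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not Magento code): normalise a session "updated_at"
 * value to a Unix timestamp. Returns null when the value is missing or
 * unparseable, so the caller must decide explicitly what that means.
 *
 * @param int|string|null $value
 */
function toUnixTimestamp($value): ?int
{
    if ($value === null || $value === '') {
        return null;                      // the "null given" case
    }
    if (is_int($value)) {
        return $value;                    // already a timestamp: the "int given" case
    }
    if (is_string($value) && ctype_digit($value)) {
        return (int) $value;              // numeric string such as "1635087142"
    }
    if (is_string($value)) {
        $parsed = strtotime($value);      // datetime string from the database
        return $parsed === false ? null : $parsed;
    }
    return null;                          // floats, arrays, objects: refuse to guess
}

/** Standalone version of the comparison quoted in the report; names are illustrative. */
function lastProlongIsOldEnough($lastUpdatedAt, int $now, int $minInterval): bool
{
    $last = toUnixTimestamp($lastUpdatedAt);
    if ($last === null) {
        return true;  // assumption: an unknown last prolong counts as "old enough"
    }
    return ($now - $last) > $minInterval;
}

// Constructed sample values; 1635087142 is the timestamp quoted in the report.
$now = 1635087142 + 120;
foreach ([1635087142, '1635087142', '2021-10-24 14:52:22', null, 'garbage'] as $v) {
    printf("%-24s => %s\n", var_export($v, true),
        var_export(lastProlongIsOldEnough($v, $now, 60), true));
}
```

Returning null instead of 0 for a missing value keeps "no timestamp" distinguishable from "epoch", which matters wherever other session checks compare the same field against 0.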

@ihor-sviziev
Contributor

@kanhaiya5590, could you create a pull request?

@kanhaiya5590
Contributor

> @kanhaiya5590 I don't think your patch fixes this error in total in AdminSessionsManager...
>
> As far as I can see $this->getCurrentSession()->getUpdatedAt() returns an int if not null.. TypeError: strtotime() expects parameter 1 to be string, int given

Thanks. I was getting the issue for null, but I updated the patch file with an extra condition check is_numeric($lastUpdatedTime); I hope this will solve your concern.

Please do share the feedback.

@ihor-sviziev ihor-sviziev added the Priority: P1 Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing. label Nov 4, 2021
@ihor-sviziev
Contributor

@sidolov FYI I set priority to P1 as this issue prevents logging in to the admin

@jgmdigital

Is there any update on this issue?

@ihor-sviziev
Contributor

@jgmdigital,
As for now, you can apply the changes from the following PR: #34514

@engcom-Alfa engcom-Alfa added Reported on 2.4.x Indicates original Magento version for the Issue report. Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Area: Framework Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed labels Feb 28, 2022
@github-jira-sync-bot

✅ Jira issue https://jira.corp.magento.com/browse/AC-2505 is successfully created for this GitHub issue.

@m2-assistant

m2-assistant bot commented Feb 28, 2022

✅ Confirmed by @engcom-Alfa. Thank you for verifying the issue.
Issue Available: @engcom-Alfa, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

@kanevbg

kanevbg commented Mar 21, 2022

Magento version 2.3.7-p2 has the same issue.

@simonmaass
Author

Can confirm this issue for 2.4.4 still exists

@ihor-sviziev
Contributor

@kanevbg @simonmaass, unless these changes aren't released yet, you can apply changes from #34514 as a patch.
Info about patching is there: https://devdocs.magento.com/guides/v2.4/comp-mgr/patching/composer.html

@kanevbg

kanevbg commented Jun 1, 2022

@ihor-sviziev I have patched it back then by doing minimalist patch looking at the commit following similar principle (only changed things which matter to the code/logic), and I have applied it with hotfix type of patching in the project, because the original patch (MDVA-42269) was failing in my case. Here is the patch file I use for 2.3.7-p2, in case someone finds it useful:
HD-MDVA-42269-1.zip

@Ig0r-M-magic42

Ig0r-M-magic42 commented Jun 16, 2022

@kanevbg the session is still mentioned as expired due to the fact that in patch the value is set to 0 which is checked in \Magento\Security\Model\Plugin\AuthSession::aroundProlong that prevents further execution and thus \Magento\Security\Model\AdminSessionsManager::lastProlongIsOldEnough is not triggered.

I was wondering if you managed to get other clues onto this issue??

@tuyennn
Member

tuyennn commented Aug 10, 2022

Confirm same issue on EE 2.4.3-p2

@christianbookpwood

Just FYI, this is also an issue in 2.3.7-p4.

Does anyone know if/when this issue has been fixed in Magento's core code?

@hostep
Contributor

hostep commented Apr 30, 2023

@christianbookpwood: The code from the PR that fixed this is included in Magento 2.4.5 and higher.
