Backend throws PHP Fatal TypeError when session storage is empty #34531

Closed
pmzandbergen opened this issue Nov 4, 2021 · 14 comments · Fixed by #34514
Labels
Area: Security Component: Security Issue: ready for confirmation Priority: P1 Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing. Progress: done Reported on 2.4.3-p1 Indicates original Magento version for the Issue report. Severity: S1 Affects critical data or functionality and forces users to employ a workaround.

Comments

@pmzandbergen
Contributor

pmzandbergen commented Nov 4, 2021

Description
When the admin session storage is empty, a PHP Fatal TypeError occurs:

    PHP Fatal error:  Uncaught TypeError: strtotime() expects parameter 1 to be string, null given in .../vendor/magento/module-security/Model/AdminSessionInfo.php:136
    Stack trace:
    #0 .../vendor/magento/module-security/Model/AdminSessionInfo.php(136): strtotime(NULL)
    #1 .../vendor/magento/module-security/Model/AdminSessionInfo.php(119): Magento\Security\Model\AdminSessionInfo->isSessionExpired()
    #2 .../vendor/magento/module-security/Model/AdminSessionInfo.php(108): Magento\Security\Model\AdminSessionInfo->checkActivity()
    #3 .../vendor/magento/module-security/Model/Plugin/AuthSession.php(63): Magento\Security\Model\AdminSessionInfo->isLoggedInStatus()
    #4 .../vendor/magento in .../vendor/magento/module-security/Model/AdminSessionInfo.php on line 136

Please note that line numbers might be different in the current version, the problem however still exists.

Since
Introduced with MC-34197:
67fae82
Specific:

    $sessionUser = $this->getUser();

Suggested Fix
Return true if the session is blank:
https://github.com/magento/magento2/blob/2.4-develop/app/code/Magento/Security/Model/AdminSessionInfo.php#L130

    public function isSessionExpired()
    {
        $lifetime = $this->securityConfig->getAdminSessionLifetime();
        $currentTime = $this->dateTime->gmtTimestamp();
        $lastUpdatedTime = $this->getUpdatedAt();
        // No stored timestamp (blank session): treat the session as expired.
        if (empty($lastUpdatedTime)) {
            return true;
        }
        // Convert a date string to a Unix timestamp; numeric values are used as-is.
        if (!is_numeric($lastUpdatedTime)) {
            $lastUpdatedTime = strtotime($lastUpdatedTime);
        }

        return $lastUpdatedTime <= ($currentTime - $lifetime) ? true : false;
    }
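
An added example, not part of the original issue and not Magento's code: a standalone sketch of the expiry check with and without the empty-value guard, run over constructed timestamps. The function names, the 900-second lifetime and the sample values are assumptions made for illustration, and the unguarded function is an assumed pre-fix shape (the suggested fix minus its `empty()` check).

```php
<?php
declare(strict_types=1);
date_default_timezone_set('UTC');

// Same check without the empty-value guard (assumed pre-fix shape).
function isExpiredUnguarded(?string $updatedAt, int $lifetime, int $now): bool
{
    $last = is_numeric($updatedAt) ? (int) $updatedAt : strtotime($updatedAt);
    // strtotime() returns false for garbage; "false <= int" is compared as
    // booleans, so that case expires only by accident of loose comparison.
    return $last <= ($now - $lifetime);
}

// Guarded variant: every value that cannot be trusted is an expired session.
function isExpiredGuarded(?string $updatedAt, int $lifetime, int $now): bool
{
    if ($updatedAt === null || $updatedAt === '') {
        return true; // no session record or blank timestamp: fail closed
    }
    $last = is_numeric($updatedAt) ? (int) $updatedAt : strtotime($updatedAt);
    if ($last === false) {
        return true; // unparseable timestamp: fail closed, explicitly
    }
    return $last <= ($now - $lifetime);
}

// Constructed sample values, not taken from a real installation.
$now = strtotime('2021-11-04 12:00:00');
$lifetime = 900; // seconds
$cases = [
    'fresh'   => '2021-11-04 11:55:00',
    'stale'   => '2021-11-04 11:00:00',
    'numeric' => (string) ($now - 60),
    'garbage' => 'not-a-date',
    'missing' => null, // the empty session storage from this report
];

foreach ($cases as $label => $updatedAt) {
    try {
        $unguarded = var_export(isExpiredUnguarded($updatedAt, $lifetime, $now), true);
    } catch (TypeError $e) {
        $unguarded = 'TypeError'; // strtotime(null) under strict_types
    }
    $guarded = var_export(isExpiredGuarded($updatedAt, $lifetime, $now), true);
    printf("%-8s unguarded=%-9s guarded=%s\n", $label, $unguarded, $guarded);
}
```
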
@m2-assistant

m2-assistant bot commented Nov 4, 2021

Hi @pmzandbergen. Thank you for your report.
To speed up processing of this issue, make sure that you provided the following information:

  • Summary of the issue
  • Information on your environment
  • Steps to reproduce
  • Expected and actual results

Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, review the Magento Contributor Assistant documentation.

Add a comment to assign the issue: @magento I am working on this

To learn more about issue processing workflow, refer to the Code Contributions.


⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

@simonmaass

related... #34415

@ihor-sviziev ihor-sviziev added Reported on 2.4.3-p1 Indicates original Magento version for the Issue report. Priority: P1 Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing. labels Nov 5, 2021
@ihor-sviziev ihor-sviziev added Area: Security Component: Security Severity: S1 Affects critical data or functionality and forces users to employ a workaround. and removed Progress: ready for dev labels Nov 5, 2021
@kanevbg

kanevbg commented Mar 21, 2022

Magento version 2.3.7-p2 has the same issue.

@albsa

albsa commented Apr 8, 2022

@kanevbg did you find any solution for it?

@kanhaiya5590
Contributor

kanhaiya5590 commented Apr 8, 2022

Hi @albsa and @kanevbg,

https://github.com/magento/magento2/pull/34606/files

If you want a quick solution, then update the logic of the files

  1. app/code/Magento/Security/Model/AdminSessionInfo.php
  2. app/code/Magento/Security/Model/AdminSessionsManager.php

in the respective places, or create a patch file and apply it.

Do have a look at the solution which was added for the 2.3.7 version; the logic is the same as or similar to 2.4.x.

@kanevbg

kanevbg commented Apr 8, 2022

@albsa since then I created a patch and am already using it in production. Let me help you
HD-MDVA-42269-1.zip

@albsa

albsa commented Apr 8, 2022

@kanhaiya5590 I tried multiple times yesterday with that patch, but composer kept failing when applying the patch. @kanevbg I am trying your hotfix right now, hoping it works.

@albsa

albsa commented Apr 8, 2022

@kanhaiya5590 @kanevbg Now I keep getting the message that "Your current session has expired" when signing in. Cleared cache, history, cookies, etc. Did you guys also have this issue?

@albsa

albsa commented Apr 12, 2022

For other people regarding this matter, if you applied this patch and still can't log in, we had this issue: https://magento.stackexchange.com/questions/353147/can-we-increase-the-system-security-session-size-at-admin-on-magento-2

[2022-04-12 13:11:50] report.WARNING: Session size of 489033 exceeded allowed session max size of 400000.

Solved it by running this command on the CLI:

    bin/magento config:set system/security/max_session_size_admin 800000

@tthierryEra

This issue happens when I change my database and I had an active session. Clearing my cookie and logging in again solved this.

@theiconnz

Clear the cookies, and try again. It worked.
