Issue with bx_file_get_contents, cURL and sessions

Yesterday (4/1/2013), I discovered that I was completely unable to access the Dolphin admin of my site which is running 7.1.1. I was able to log INTO the page (which loaded), but once I was in, my browser (Google Chrome) locked up to page requests, and I was unable to load anything at all from my website without completely closing the browser and re-opening. A few quick tests verified that this also occurred in IE and Firefox.

 

Remembering past experiences, I quickly checked to see if Boonex.com was online and a double check via the isup.me website confirmed that the site was offline. (At least in my part of the world)

 

Remembering something I read on the forums a few days back, I disabled the links in the $aPredefinedRssFeeds array in get_rss_feed.php, and was able to access my site again.

 

I had run into something similar to this when I tried to upgrade my site from 7.0.6 to 7.0.9, only that problem had been: if the forum feed was placed on the main home page, the browser locked up tight as a drum and wouldn't respond. My temporary solution to that was to disable the cURL routines in the bx_file_get_contents() function in /inc/utility.inc.php, and to let everything be retrieved through the php file_get_contents() function. However, it now seems that that wasn't fixing things in this scenario.

 

Having grown tired of both problems, and wanting to make as few changes to core Dolphin code as possible, I re-enabled the cURL routines so that they were back to the Dolphin standard, and then began tinkering with them.

 

To limit the problem that occurs when Dolphin tries to "phone home" in the admin, (to get RSS info about current blogs, modules, etc), I added a timeout of 10 seconds to the cURL connection. This way, even if the Boonex site is down, my browser won't sit forever waiting. I was then able to re-enable the Boonex links, and only suffer a minor delay of 10 seconds whenever a page tried to load something.

 

The second problem (the one that made me disable the cURL routines in the first place) was more troubling. I tested everything I could think of, and ruled out a cURL misconfiguration on the server (cURL could pull the page via shell, so it wasn't that) and then began scouring the internet. Finally, I ran across this page: http://stackoverflow.com/questions/5412069/can-i-do-a-curl-request-to-the-same-server

 

It turns out, if you have your server configured to auto-start PHP sessions, OR have either made modifications to your skin or code that uses PHP sessions, that PHP places a lock on the session while the script is running. If the script THEN tried to access another script on the same server which ALSO tries to access the session, then the 2nd script can't access the session because of the lock from the calling script, so waits patiently for the script to end. (whew) This causes the two scripts to wait patiently until the PHP page timeout occurs, at which point the scripts end, and the page never loads.

 

Thankfully, the same article provided a solution which I am posting here:

 

in the bx_file_get_contents() function in /inc/util.inc.php (around line 1161), change the code:

$sResult = curl_exec($rConnect);

to:

curl_setopt($rConnect, CURLOPT_TIMEOUT, 10);
session_write_close();
$sResult = curl_exec($rConnect);
session_start();

 
This adds the timeout so that the connection can't be frozen for more than 10 seconds, AND temporarily closes (and writes) the session before requesting the other page, then reopens it so that any other session variables can be written in later parts of the code if necessary.
 
I'm hoping that Boonex will review this code and implement it in a future update. I'm sure they will probably want to add a check to see if sessions are already open before closing and reopening, but at least it's a start, and the timeout really is needed.
 
There are many people who can write computer programs, but there are very few computer programmers.
Quote · 3 Apr 2013

Thank you for the findings.

I believe that this curl session deadlock problem can't affect Dolphin, since Dolphin doesn't use PHP sessions, instead it uses own database based session implementation. However PHP sessions are used in facebook connect module, in facebook API library provided by facebook, but it should affect RSS feeds. Also it maybe used in some 3rd-party libraries.

But it good idea to set some timeout for curl requests: 

http://www.boonex.com/trac/dolphin/ticket/3118

Rules → http://www.boonex.com/terms
Quote · 8 Apr 2013

I realize that Dolphin doesn't use sessions, but wouldn't it be better to include the session fix so that those modules that *DO* use sessions, or system that have the PHP ini variable session_autostart set  don't require a core code change in order to function? (It might stop future support requests)

There are many people who can write computer programs, but there are very few computer programmers.
Quote · 8 Apr 2013

I've tried to reproduce the problem, but this fix didn't help.

What can be done here is to not use curl at all if there is request to the server itself.

Rules → http://www.boonex.com/terms
Quote · 11 Apr 2013
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.