Fix #7280, ER2 client not working on PHP 5.6+

[tristanlins]

PHP 5.6 seems to introduce a (maybe buggy) cookie support for SOAP clients.
We now unset cookies from the SOAP client before each request.

[leofeyer]

OMG! Thanks a bunch for debugging this PHP sadness (not yet there).

[Tastaturberuf]

Danke @tristanlins! Ich patch gleich manuell.

[tristanlins]

@leofeyer alternative couldn't you stop using sessions in the SOAP server?

[leofeyer]

I am? You still have access to the rep_server repository. Did you already check?

[tristanlins]

Öhm, where was the rep_server repository gone? O.o

[leofeyer]

It is now also called repository. Sorry, should have mentioned.

[tristanlins]

Argh, youre absolutely right, I searched at the wrong place on github >.<

[tristanlins]

Meehh this could be difficult, the service include the initialize.php which always starts a session... I don't think that this would work without greater refactoring...

[leofeyer]

I have already added a session_destroy() call after the initialize.php call, but it does not solve the problem. It seems the error is thrown by Nginx, so I tend to think that the IDS on the server might be blocking the request, probably because it does not know that SOAP requests can have cookies now :)

[leofeyer]

Nope, it is not the IDS.

[discordier]

I wonder why this suddenly appeared as Cookie support has been in SOAP for a pretty long time.

It was introduced to PHP in 5.0.4 (see http://php.net/manual/de/soapclient.setcookie.php).

The must be something strange on the rep server PHP&nginx combination.

Non the less, we do not need the cookie as we do not use the session in any way in the rep server, therefore we should find a way to unset it.

[leofeyer]

Although cookie support was introduces in PHP 5.0.4, the SoapClient::__getCookies() method has only been added in PHP 5.6.0. And it seems they have changed something so now it automatically send the PHP session cookie.

[leofeyer]

I have also tried it on Apache level:

RequestHeader unset Cookie
Header unset Set-Cookie

Did not work either.

[leofeyer]

This might shed some light on the issue: php/php-src#472 (comment) You can also see the related change set.

[leofeyer]

Here is the log entry from the server:

2014/09/19 19:59:45 [info] 8598#0: *1126 client sent invalid header line: "Cookie: PHPSESSID^@=50qksj9lfjgq8bbmk1uju80mr2;^M
^M
^_<8b>^H^@^@^@^@^@^D^C<95><92>]KÃ0^T<86>ï÷óM×<83>ñË<83><8c>ÇãôÕäê^K)TÖ<94>Ô^B^@^^A^@<94>­WI(ÄÚ^YØlH¯r<8e><85>Ì?W<97>ä<8a>¦ah5iæw°Ä|?fãbé/<97>ò<82>¿<85>»jîÑ$<85>9!^HåÛú²^GY)^Kä)ÐÒ]^F^CU^]^N^D^V^D^T¬Æñ<95>:<8e>+U¹û     ^F^[0<80>¡^B<88>ï¢0^_^F^CU^]#^D^X0^V^\0^Z<82>^L*.contao.org<82>
contao.org0<82>^AV^F^CU^] ^D<82>^AM0<82>^AI0^H^F^Fg<

[leofeyer]

So obviously, PHP 5.6.0 is appending stuff to the header line?

[discordier]

Yes it is, see my comment at: #7280 (comment)

I wrote down my findings.
Additionally I comitted a new patch to repository server which hopefully fixes this bug.

[tristanlins]

@leofeyer omg, I would recommend to close this PR, because this is a PHP 5.6.0 specific bug?!