Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 4.5, 4.6
-
Fix Version/s: Unscheduled
-
Component/s: CiviMail
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Contributed Code
Description
SOAP requests to process bounces, unsubscribes, resubscribes, etc in Joomla result in "Invalid Key" errors.
To reproduce simply trigger a SOAP request for bounce or unsubscribe and you will receive the "Invalid Key" error back.
This is occurring on Joomla with CiviCRM 4.5.0+
This error is coming from CRM_Utils_SoapServer::verify function. The session value set in CRM_Utils_SoapServer::authenticate request that happens before the verify request gets lost between requests.
I believe this is happening because in CRM_Utils_SoapServer::authenticate Joomla CMS gets bootstrapped and the session is stored within the CRM_Core_Session after the user is authenticated.
However in CRM_Utils_SoapServer::verify the CMS is not bootstrapped plus there is a session_start call in the soap.php that starts the session bypassing the CRM_Core_Session singleton.
The proposed solution is attached and includes part of the code proposed here:
https://issues.civicrm.org/jira/browse/CRM-13229
The solution is to remove the session_start() call in extern/soap.php and additionally ensure that we bootstrap the CMS in CRM_Utils_SoapServer::verify so that we can recover the proper session using CRM_Core_Session.
I found another related issue here that is more general and applies to all extern scripts:
https://issues.civicrm.org/jira/browse/CRM-13249