Fix broken session initialization re lcMessages/applyLocale logic

diff --git a/CRM/Core/BAO/ConfigSetting.php b/CRM/Core/BAO/ConfigSetting.php
index f26cc34c4ada679de6159aead3f33a8bbcaf8bb9..4ce934ae2d1666a4c7885567e93bb8528c2acd8f 100644 (file)
--- a/CRM/Core/BAO/ConfigSetting.php
+++ b/CRM/Core/BAO/ConfigSetting.php
@@ -216,6 +216,9 @@ class CRM_Core_BAO_ConfigSetting {
       // and it's valid against our configured locales, we require the session
       // to store this, even if that means starting an anonymous session.
       $session->set('lcMessages', $chosenLocale);
+
+      // Clear menu cache if we've changed locale.
+      CRM_Core_BAO_Navigation::resetNavigation();
     }
 
     /*

diff --git a/CRM/Core/Config.php b/CRM/Core/Config.php
index 86353a8a497199b613a314d8abe448b623ee42f3..ce7043d2a8549d8d8960a50e4d9cb7f081e7660b 100644 (file)
--- a/CRM/Core/Config.php
+++ b/CRM/Core/Config.php
@@ -87,6 +87,12 @@ class CRM_Core_Config extends CRM_Core_Config_MagicMerge {
       \Civi\Core\Container::boot($loadFromDB);
       if ($loadFromDB && self::$_singleton->dsn) {
         $domain = \CRM_Core_BAO_Domain::getDomain();
+        if (CIVICRM_UF === 'Standalone') {
+          // Standalone's session cannot be initialized until CiviCRM is booted,
+          // since it is defined in an extension, and we need the session
+          // initialized before calling applyLocale.
+          \CRM_Core_Session::singleton()->initialize();
+        }
         \CRM_Core_BAO_ConfigSetting::applyLocale(\Civi::settings($domain->id), $domain->locales);
 
         unset($errorScope);

diff --git a/CRM/Utils/System/Standalone.php b/CRM/Utils/System/Standalone.php
index 070f596d07cf268d7ad66927a52475b65a0dbada..0604fd6ebf18343d5b4e4376589bfdf730a20a54 100644 (file)
--- a/CRM/Utils/System/Standalone.php
+++ b/CRM/Utils/System/Standalone.php
@@ -36,18 +36,6 @@ class CRM_Utils_System_Standalone extends CRM_Utils_System_Base {
     return !class_exists(\Civi\Standalone\Security::class);
   }
 
-  public function initialize() {
-    parent::initialize();
-    // Initialize the session if it looks like there might be one.
-    // Case 1: user sends no session cookie: do NOT start the session. May be anon access that does not require session data. Good for caching.
-    // Case 2: user sends a session cookie: start the session, so we can access data like lcMessages for localization (which occurs early in the boot process).
-    // Case 3: user sends a session cookie but it's invalid: start the session, it will be empty and a new cookie will be sent.
-    if (isset($_COOKIE['PHPSESSID'])) {
-      // Note: passing $isRead = FALSE in the arguments will cause the session to be started.
-      CRM_Core_Session::singleton()->initialize(FALSE);
-    }
-  }
-
   /**
    * @inheritdoc
    */
@@ -598,7 +586,7 @@ class CRM_Utils_System_Standalone extends CRM_Utils_System_Base {
     $session_handler = new SessionHandler();
     session_set_save_handler($session_handler);
 
-    $session_max_lifetime = Civi::settings()->get('standaloneusers_session_max_lifetime');
+    $session_max_lifetime = Civi::settings()->get('standaloneusers_session_max_lifetime') ?? 1440;
 
     session_start([
       'cookie_httponly'  => 1,

diff --git a/setup/res/index.php.txt b/setup/res/index.php.txt
index 1af5a24da1b36e002b847655ee1b4e20d4d3b9b6..42157b5f980363055e1b2e23c93c0a8e34725ff9 100644 (file)
--- a/setup/res/index.php.txt
+++ b/setup/res/index.php.txt
@@ -3,8 +3,6 @@
 function invoke() {
   $requestUri = $_SERVER['REQUEST_URI'] ?? '';
 
-  // Required so that the userID is set before generating the menu
-  \CRM_Core_Session::singleton()->initialize();
   // Add CSS, JS, etc. that is required for this page.
   \CRM_Core_Resources::singleton()->addCoreResources();
   $parts = explode('?', $requestUri);