M 2.4.3-p1 - TypeError in AdminSessionsManager.php:338 (strtotime() expects parameter 1 to be string, int given)

[simonmaass]

Preconditions (*)

1. Magento 2.4.3-p1

Steps to reproduce (*)

1. When I try to login with SSO...

Expected result (*)

1. Login works

Actual result (*)

TypeError: strtotime() expects parameter 1 to be string, int given
#28 /var/www/share/meevo.io/releases/66/vendor/magento/module-security/Model/AdminSessionsManager.php(338): strtotime

magento2/app/code/Magento/Security/Model/AdminSessionsManager.php

private function lastProlongIsOldEnough()
    {
        $lastProlongTimestamp = strtotime($this->getCurrentSession()->getUpdatedAt());
        $nowTimestamp = $this->authSession->getUpdatedAt();

        $diff = $nowTimestamp - $lastProlongTimestamp;

        return (float) $diff > $this->getIntervalBetweenConsecutiveProlongs();
    }

In this file the line 2.4.3...2.4.3-p1#diff-24fbc4a93c8c25f9ee036f3bf353c3dfca22ee7ff35d0797b6d1c1d7dc012386R6

declare(strict_types=1);

$this->getCurrentSession()->getUpdatedAt() returns int as timestamp... for example 1635087142

Here is the complete trace

TypeError: strtotime() expects parameter 1 to be string, int given
#28 /vendor/magento/module-security/Model/AdminSessionsManager.php(338): strtotime
#27 /vendor/magento/module-security/Model/AdminSessionsManager.php(338): Magento\Security\Model\AdminSessionsManager::lastProlongIsOldEnough
#26 /vendor/magento/module-security/Model/AdminSessionsManager.php(137): Magento\Security\Model\AdminSessionsManager::processProlong
#25 /vendor/magento/module-security/Model/Plugin/AuthSession.php(85): Magento\Security\Model\Plugin\AuthSession::aroundProlong
#24 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Backend\Model\Auth\Session\Interceptor::Magento\Framework\Interception\{closure}
#23 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Backend\Model\Auth\Session\Interceptor::___callPlugins
#22 /Magento/Backend/Model/Auth/Session/Interceptor.php(23): Magento\Backend\Model\Auth\Session\Interceptor::prolong
#21 /vendor/magento/module-backend/App/Action/Plugin/Authentication.php(127): Magento\Backend\App\Action\Plugin\Authentication::aroundDispatch
#20 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Backend\Controller\Adminhtml\Auth\Login\Interceptor::Magento\Framework\Interception\{closure}
#19 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Backend\Controller\Adminhtml\Auth\Login\Interceptor::___callPlugins
#18 /Magento/Backend/Controller/Adminhtml/Auth/Login/Interceptor.php(32): Magento\Backend\Controller\Adminhtml\Auth\Login\Interceptor::dispatch
#17 /vendor/magento/framework/App/FrontController.php(245): Magento\Framework\App\FrontController::getActionResponse
#16 /vendor/magento/framework/App/FrontController.php(212): Magento\Framework\App\FrontController::processRequest
#15 /vendor/magento/framework/App/FrontController.php(147): Magento\Framework\App\FrontController::dispatch
#14 /vendor/magento/framework/Interception/Interceptor.php(58): Magento\Framework\App\FrontController\Interceptor::___callParent
#13 /vendor/magento/framework/Interception/Interceptor.php(138): Magento\Framework\App\FrontController\Interceptor::Magento\Framework\Interception\{closure}
#12 /src/Infortis/ext-magento2-cgen/src/Plugin/Magento/Framework/App/FrontController.php(32): Infortis\Cgen\Plugin\Magento\Framework\App\FrontController::aroundDispatch
#11 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Framework\App\FrontController\Interceptor::Magento\Framework\Interception\{closure}
#10 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Framework\App\FrontController\Interceptor::___callPlugins
#9 /Magento/Framework/App/FrontController/Interceptor.php(23): Magento\Framework\App\FrontController\Interceptor::dispatch
#8 /vendor/magento/framework/App/Http.php(116): Magento\Framework\App\Http::launch
#7 /vendor/magento/framework/Interception/Interceptor.php(58): Magento\Framework\App\Http\Interceptor::___callParent
#6 /vendor/magento/framework/Interception/Interceptor.php(138): Magento\Framework\App\Http\Interceptor::Magento\Framework\Interception\{closure}
#5 /vendor/justbetter/magento2-sentry/Plugin/GlobalExceptionCatcher.php(58): JustBetter\Sentry\Plugin\GlobalExceptionCatcher::aroundLaunch
#4 /vendor/magento/framework/Interception/Interceptor.php(135): Magento\Framework\App\Http\Interceptor::Magento\Framework\Interception\{closure}
#3 /vendor/magento/framework/Interception/Interceptor.php(153): Magento\Framework\App\Http\Interceptor::___callPlugins
#2 /Magento/Framework/App/Http/Interceptor.php(23): Magento\Framework\App\Http\Interceptor::launch
#1 /vendor/magento/framework/App/Bootstrap.php(264): Magento\Framework\App\Bootstrap::run
#0 /index.php(29): null

---

Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.

• Severity: S0 - Affects critical data or functionality and leaves users without workaround.
• Severity: S1 - Affects critical data or functionality and forces users to employ a workaround.
• Severity: S2 - Affects non-critical data or functionality and forces users to employ a workaround.
• Severity: S3 - Affects non-critical data or functionality and does not force users to employ a workaround.
• Severity: S4 - Affects aesthetics, professional look and feel, “quality” or “usability”.

[m2-assistant]

Hi @simonmaass. Thank you for your report.
To speed up processing of this issue, make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, Add a comment to the issue:

@magento give me 2.4-develop instance - upcoming 2.4.x release

For more details, review the Magento Contributor Assistant documentation.

Add a comment to assign the issue: @magento I am working on this

To learn more about issue processing workflow, refer to the Code Contributions.

---

• Join Magento Community Engineering Slack and ask your questions in #github channel.

⚠️ According to the Magento Contribution requirements, all issues must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of issues happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.

🎥 You can find the recording of the previous Community Contributions Triage on the Magento Youtube Channel

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

[hostep]

Possibly regression bug introduced by addition of declare(strict_types=1); in AC-522

[ihor-sviziev]

@sidolov, please set priority to P1

[simonmaass]

in general adding the strict_types is a good thing... i guess it should rather be fixed that

$this->getCurrentSession()->getUpdatedAt()

isnt returning a string but rather a timestamp as int...

[Ylmzef]

i have same issue.

[hostep]

I accidentally ran into a very similar problem on Magento 2.3.7-p2 just now, while trying to login to the backoffice:

Uncaught TypeError: strtotime() expects parameter 1 to be string, null given in vendor/magento/module-security/Model/AdminSessionInfo.php on line 136

Trying to login from an incognito browser does work without issues.

This seems to have been caused by the same commit mentioned above where another declare(strict_types=1); got added for no good reason.

[kanhaiya5590]

Very similar problem/issue found in Magento v2.4.3-p1 or can say same issue what @hostep found in Magento v2.3.7-p2

main.CRITICAL: TypeError: strtotime() expects parameter 1 to be string, null given in /home/web/magento/vendor/magento/module-security/Model/AdminSessionInfo.php:136

This not allow to access admin panel. and in PRODUCTION mode getting An error has happened during application run. See exception log for details.

For quick fix, created patch - https://github.com/kanhaiya5590/CRITICAL-TypeError-strtotime-expects-parameter-1-to-be-string-null-given..AdminSessionInfo.php-136

Direct patch access :
https://github.com/kanhaiya5590/CRITICAL-TypeError-strtotime-expects-parameter-1-to-be-string-null-given..AdminSessionInfo.php-136/blob/main/issue-243p1-AdminSessionsManager.patch
https://github.com/kanhaiya5590/CRITICAL-TypeError-strtotime-expects-parameter-1-to-be-string-null-given..AdminSessionInfo.php-136/blob/main/issue-243p1-AdminSessionInfo.patch

Its solve my purpose but if Magento provide best fix that will be great.

[simonmaass]

@kanhaiya5590 I dont think your patch fixes this error in total in AdminSessionsManager...

As far as I can see $this->getCurrentSession()->getUpdatedAt() returns an int if not null..
TypeError: strtotime() expects parameter 1 to be string, int given

[ihor-sviziev]

@kanhaiya5590, could you create a pull request?