- Issue created by @mazz0016
RuntimeException: Failed to start the session because headers have already been sent by "/var/www/html/vendor/symfony/http-foundation/Response.php" at line 384. in Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage->start() (line 152 of /var/www/html/vendor/symfony/http-foundation/Session/Storage/NativeSessionStorage.php)
Is shown in error logs when logging in from a restricted IP address.
Also the user is unable to log in when trying to log in from a restricted IP address but no error message is shown. The user needs to try logging in a second time and clicking the login button again in order to receive the message the "You are not allowed to login from this IP address. Please contact the Site Administrator." message.
Using PHP 8.1.21 and Drupal Core 9.5.11
1. As a site Administrator, add "REMOTE_ADDR" to the Header to Check field and add the IP range desired in Allowed IP Range field. Then choose the desired role, I chose Content Editor as per the Drupal Vanilla default. Click Save.
2. Create a user with the desired role in the above step. Or take note of a existing user that has the desired role in the above step.
3. In a separate browser where there is currently no admin session or any user session opened. Navigate to your website's login page.
4. Now login as the user from step 2.
5. See the user has not been logged in but no error message is shown.
6. Type the login credentials again for the same user and then try logging in again.
7. See the message above the login form informing the user they are logging in from a restricted IP: "You are not allowed to login from this IP address. Please contact the Site Administrator."
8. Go back to the browser in which you are logged in as an administrator. Go to Recent Log messages. You will now see the RuntimeException error above.
Looking into a possible patch currently...
Active
2.0
Code