On PHP 7.2, these warning show up in the logs at admin/reports/dblog:
- Warning: session_id(): Cannot change session id when headers already sent in drupal_session_initialize() (line 266 of includes/session.inc).
- Warning: session_set_save_handler(): Cannot change save handler when headers already sent in drupal_session_initialize() (line 242 of includes/session.inc).
Steps to reproduce:
- Enable page cache;
- Enable statistics module;
- Enable access log at admin/config/system/statistics;
- As anonymous user load a cached page which is longer than PHP output buffer, or of any length if PHP output_buffering is disabled
In this case, statistics_exit() is initializing session after the page has already been sent.
The proposed patch at #48 no longer attempts to initialize a session in statistics_exit(). Requests being served from the page cache will have empty string stored in the sid column of the accesslog table, which is what session_id() returns when there is no session.
