authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2020-10-06 23:19:45 +0200
committerGravatar GitHub <noreply@github.com> 2020-10-06 23:19:45 +0200
commit0319cc9d234e107109d988f36f2361b25f9f0777 (patch)
treee373d93694297e36056d9888141d3233d0686260 /app
parent3aed0b95534c60b26254292e951c8a9c5badc786 (diff)
Minz allow parallel sessions (#3096)
* Minz allow parallel sessions #fix https://github.com/FreshRSS/FreshRSS/issues/3093 * Array optimisation * Array optimisation missing * Reduce direct access to $_SESSION except in install process * Fix session start headers warning * Use cookie only the first time the session is started: `PHP Warning: session_start(): Cannot start session when headers already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39` * New concept of volatile session for API calls Optimisation: do not use cookies or local storage at all for API calls without a Web session Fix warning: ``` PHP Warning: session_destroy(): Trying to destroy uninitialized session in Unknown on line 0 ``` * Only call Minz_Session::init once in our index It was called twice (once indirectly via FreshRSS->init()) * Whitespace * Mutex for notifications Implement mutex for notifications https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809 * Typo * Install script is not ready for using Minz_Session
Diffstat (limited to 'app')
-rw-r--r--app/Controllers/authController.php16
-rw-r--r--app/Controllers/errorController.php6
-rw-r--r--app/Controllers/userController.php8
-rw-r--r--app/Models/Auth.php34
-rw-r--r--app/Models/DatabaseDAO.php12
-rwxr-xr-xapp/actualize_script.php6
-rw-r--r--app/install.php11
7 files changed, 58 insertions, 35 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index e7bff363e..342c577e2 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -141,9 +141,11 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
);
if ($ok) {
// Set session parameter to give access to the user.
- Minz_Session::_param('currentUser', $username);
- Minz_Session::_param('passwordHash', $conf->passwordHash);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $username,
+ 'passwordHash' => $conf->passwordHash,
+ 'csrf' => false,
+ ]);
FreshRSS_Auth::giveAccess();
// Set cookie parameter if nedded.
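Review bot: The `'csrf' => false` entry relies on `Minz_Session::_params()` treating `false` as "remove this key", which is not visible in this hunk and is easy to misread as storing a false token. Since that removal is presumably what forces a fresh CSRF token for the newly authenticated user, a comment above the array such as `// false removes the key, so the CSRF token is regenerated for this login` would make the intent explicit. The same applies to the second hunk in this file, the hunk in app/Controllers/userController.php and the hunks in app/Models/Auth.php. In Auth.php, `'loginOk' => self::$login_ok` presumably also drops the key when the value is false, so readers of that key must keep supplying a default. The enclosing action starts and ends outside the hunk.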
@@ -190,9 +192,11 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
$ok = password_verify($password, $s);
unset($password);
if ($ok) {
- Minz_Session::_param('currentUser', $username);
- Minz_Session::_param('passwordHash', $s);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $username,
+ 'passwordHash' => $s,
+ 'csrf' => false,
+ ]);
FreshRSS_Auth::giveAccess();
Minz_Translate::init($conf->language);
diff --git a/app/Controllers/errorController.php b/app/Controllers/errorController.php
index b0bafda72..a5f901fd4 100644
--- a/app/Controllers/errorController.php
+++ b/app/Controllers/errorController.php
@@ -16,8 +16,10 @@ class FreshRSS_error_Controller extends Minz_ActionController {
public function indexAction() {
$code_int = Minz_Session::param('error_code', 404);
$error_logs = Minz_Session::param('error_logs', array());
- Minz_Session::_param('error_code');
- Minz_Session::_param('error_logs');
+ Minz_Session::_params([
+ 'error_code' => false,
+ 'error_logs' => false,
+ ]);
switch ($code_int) {
case 200 :
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 4dfd11751..06c9ebc04 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -350,9 +350,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
// get started immediately.
if ($ok && !FreshRSS_Auth::hasAccess('admin')) {
$user_conf = get_user_configuration($new_user_name);
- Minz_Session::_param('currentUser', $new_user_name);
- Minz_Session::_param('passwordHash', $user_conf->passwordHash);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $new_user_name,
+ 'passwordHash' => $user_conf->passwordHash,
+ 'csrf' => false,
+ ]);
FreshRSS_Auth::giveAccess();
}
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index fcbf37fa3..77a244843 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -23,8 +23,10 @@ class FreshRSS_Auth {
if ($current_user === '') {
$conf = Minz_Configuration::get('system');
$current_user = $conf->default_user;
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $current_user,
+ 'csrf' => false,
+ ]);
}
if (self::$login_ok) {
@@ -55,9 +57,11 @@ class FreshRSS_Auth {
$current_user = '';
if (isset($credentials[1])) {
$current_user = trim($credentials[0]);
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('passwordHash', trim($credentials[1]));
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $current_user,
+ 'passwordHash' => trim($credentials[1]),
+ 'csrf' => false,
+ ]);
}
return $current_user != '';
case 'http_auth':
@@ -79,8 +83,10 @@ class FreshRSS_Auth {
]);
}
if ($login_ok) {
- Minz_Session::_param('currentUser', $current_user);
- Minz_Session::_param('csrf');
+ Minz_Session::_params([
+ 'currentUser' => $current_user,
+ 'csrf' => false,
+ ]);
}
return $login_ok;
case 'none':
@@ -118,8 +124,10 @@ class FreshRSS_Auth {
self::$login_ok = false;
}
- Minz_Session::_param('loginOk', self::$login_ok);
- Minz_Session::_param('REMOTE_USER', httpAuthUser());
+ Minz_Session::_params([
+ 'loginOk' => self::$login_ok,
+ 'REMOTE_USER' => httpAuthUser(),
+ ]);
return self::$login_ok;
}
@@ -153,9 +161,11 @@ class FreshRSS_Auth {
*/
public static function removeAccess() {
self::$login_ok = false;
- Minz_Session::_param('loginOk');
- Minz_Session::_param('csrf');
- Minz_Session::_param('REMOTE_USER');
+ Minz_Session::_params([
+ 'loginOk' => false,
+ 'csrf' => false,
+ 'REMOTE_USER' => false,
+ ]);
$system_conf = Minz_Configuration::get('system');
$username = '';
diff --git a/app/Models/DatabaseDAO.php b/app/Models/DatabaseDAO.php
index 2e0ee25a0..9d762a615 100644
--- a/app/Models/DatabaseDAO.php
+++ b/app/Models/DatabaseDAO.php
@@ -20,11 +20,10 @@ class FreshRSS_DatabaseDAO extends Minz_ModelPdo {
try {
$sql = sprintf($SQL_CREATE_DB, empty($db['base']) ? '' : $db['base']);
- return $this->pdo->exec($sql) !== false;
+ return $this->pdo->exec($sql) === false ? 'Error during CREATE DATABASE' : '';
} catch (Exception $e) {
- $_SESSION['bd_error'] = $e->getMessage();
- syslog(LOG_DEBUG, __method__ . ' warning: ' . $e->getMessage());
- return false;
+ syslog(LOG_DEBUG, __method__ . ' notice: ' . $e->getMessage());
+ return $e->getMessage();
}
}
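Review bot: The return value here changes from a boolean to a string in which the empty string means success, so a caller that still tests the result for truthiness would now take the success branch on failure. The only consumer visible on this page is `saveStep2()` in app/install.php, which reads a string from `initDb()`; any other callers should be checked. A docblock stating that the method returns `''` on success and an error message otherwise would make the inverted contract hard to miss, and the same applies to the connection test in the next hunk. The returned text is the raw `$e->getMessage()` from the database driver and ends up in `$_SESSION['bd_error']`, so it should be HTML-escaped wherever it is rendered and may reveal connection details. The method signature is outside the hunk.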
@@ -33,11 +32,10 @@ class FreshRSS_DatabaseDAO extends Minz_ModelPdo {
$sql = 'SELECT 1';
$stm = $this->pdo->query($sql);
$res = $stm->fetchAll(PDO::FETCH_COLUMN, 0);
- return $res != false;
+ return $res == false ? 'Error during SQL connection test!' : '';
} catch (Exception $e) {
- $_SESSION['bd_error'] = $e->getMessage();
syslog(LOG_DEBUG, __method__ . ' warning: ' . $e->getMessage());
- return false;
+ return $e->getMessage();
}
}
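Review bot: The test `$res == false` depends on loose comparison to treat an empty result array as a failure; `empty($res) ? 'Error during SQL connection test!' : ''` states the intent directly and has the same outcome for both `false` and `[]`. The syslog text in this hunk still says `' warning: '` while the previous hunk in this file was changed to `' notice: '`, although both use `LOG_DEBUG`, so the two messages should agree. The method signature is outside the hunk.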
diff --git a/app/actualize_script.php b/app/actualize_script.php
index ffa6baedb..18b7f99f8 100755
--- a/app/actualize_script.php
+++ b/app/actualize_script.php
@@ -78,8 +78,10 @@ foreach ($users as $user) {
}
}
- Minz_Session::_param('currentUser', '_');
- Minz_Session::_param('loginOk');
+ Minz_Session::_params([
+ 'currentUser' => '_',
+ 'loginOk' => false,
+ ]);
gc_collect_cycles();
}
diff --git a/app/install.php b/app/install.php
index bed2a8383..5093b45a6 100644
--- a/app/install.php
+++ b/app/install.php
@@ -163,9 +163,14 @@ function saveStep2() {
$ok = false;
try {
- Minz_Session::_param('currentUser', $config_array['default_user']);
- $ok = initDb();
- Minz_Session::_param('currentUser');
+ $_SESSION['currentUser'] = $config_array['default_user'];
+ $error = initDb();
+ unset($_SESSION['currentUser']);
+ if ($error != '') {
+ $_SESSION['bd_error'] = $error;
+ } else {
+ $ok = true;
+ }
} catch (Exception $ex) {
$_SESSION['bd_error'] = $ex->getMessage();
$ok = false;
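Review bot: If `initDb()` throws, the `unset($_SESSION['currentUser'])` line is skipped and the installer session keeps `default_user` as its current user after the failure. Moving the cleanup into a `finally { unset($_SESSION['currentUser']); }` clause after the `catch` would restore the session on both paths. The message copied into `$_SESSION['bd_error']` comes from the database layer unmodified, so the page that renders it should escape it for HTML. The `try` statement closes outside the hunk.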