I upgraded PHP on my local machine to PHP 7.2 recently, and I am no longer able to sign into the EE control panel when it’s running on my local server. It was working fine before PHP 7.2, and nothing relevant has changed with the EE site code.

When I attempt to sign in, I get a message from EE that says: “Error: This form has expired. Please refresh and try again.”

If I enable $config['disable_csrf_protection'] = 'y'; I can sign in and I see that sessions are created, but get bounced back to the login form every time.

After enabling $debug = 1;, I’m seeing a new PHP warning:

session_set_cookie_params(): Cannot change session cookie parameters when session is active

ee/legacy/libraries/Core.php, line 143 show details

I’ve tried truncating exp_sessions, I’ve tried setting these settings in config.php:

$config['cookie_domain'] = "";
$config['cookie_path'] = "";
$config['cookie_prefix'] = "foo";
$config['admin_session_type'] = "s";
$config['user_session_type'] = "c";
$config['require_ip_for_login'] = "n";
$config['require_ip_for_posting'] = "n";
$config['secure_forms'] = "n";

None of which have resolved the issue. This seems to be due to a change in PHP 7.2 that now shows a warning for an issue that was previously failing silently. See https://bugs.php.net/bug.php?id=75650&thanks=2 and https://stackoverflow.com/questions/47700336/php-7-2-warning-cannot-change-session-name-when-session-is-active

Any ideas of what I can try, short of downgrading PHP?