[HttpKernel][Security] Fix accessing session for stateless request

VincentLanglet · fabpot · commit 40341a1f6dd2 · 2024-06-17T07:58:45.000+02:00
diff --git a/src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php b/src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php
@@ -66,7 +66,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
         $sessionMetadata = [];
         $sessionAttributes = [];
         $flashes = [];
-        if ($request->hasSession()) {
+        if (!$request->attributes->getBoolean('_stateless') && $request->hasSession()) {
             $session = $request->getSession();
             if ($session->isStarted()) {
                 $sessionMetadata['Created'] = date(\DATE_RFC822, $session->getMetadataBag()->getCreated());
diff --git a/src/Symfony/Component/HttpKernel/EventListener/ProfilerListener.php b/src/Symfony/Component/HttpKernel/EventListener/ProfilerListener.php
@@ -97,7 +97,7 @@ public function onKernelResponse(ResponseEvent $event)
             return;
         }
 
-        $session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
+        $session = !$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
 
         if ($session instanceof Session) {
             $usageIndexValue = $usageIndexReference = &$session->getUsageIndex();
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/ProfilerListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/ProfilerListenerTest.php
@@ -40,8 +40,8 @@ public function testKernelTerminate()
             ->willReturn($profile);
 
         $kernel = $this->createMock(HttpKernelInterface::class);
-        $mainRequest = $this->createMock(Request::class);
-        $subRequest = $this->createMock(Request::class);
+        $mainRequest = new Request();
+        $subRequest = new Request();
         $response = $this->createMock(Response::class);
 
         $requestStack = new RequestStack();
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -95,7 +95,7 @@ public function authenticate(RequestEvent $event)
         }
 
         $request = $event->getRequest();
-        $session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
+        $session = !$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
 
         $request->attributes->set('_security_firewall_run', $this->sessionKey);
 

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ public function onKernelResponse(ResponseEvent $event)`
`97`	`97`	`return;`
`98`	`98`	`}`
`99`	`99`
`100`		`- $session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;`
	`100`	`+ $session = !$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;`
`101`	`101`
`102`	`102`	`if ($session instanceof Session) {`
`103`	`103`	`$usageIndexValue = $usageIndexReference = &$session->getUsageIndex();`
Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,7 @@ public function authenticate(RequestEvent $event)`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`$request = $event->getRequest();`
`98`		`- $session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;`
	`98`	`+ $session = !$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;`
`99`	`99`
`100`	`100`	`$request->attributes->set('_security_firewall_run', $this->sessionKey);`
`101`	`101`