migrating session for UsernamePasswordJsonAuthenticationListener

weaverryan · fabpot · commit 51fa731abbc7 · 2018-05-23T15:55:00.000+02:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/UsernamePasswordJsonAuthenticationListener.php
@@ -141,6 +141,8 @@ private function onSuccess(Request $request, TokenInterface $token)
             $this->logger->info('User has been authenticated successfully.', array('username' => $token->getUsername()));
         }
 
+        $this->migrateSession($request);
+
         $this->tokenStorage->setToken($token);
 
         if (null !== $this->eventDispatcher) {
@@ -184,4 +186,15 @@ private function onFailure(Request $request, AuthenticationException $failed)
 
         return $response;
     }
+
+    private function migrateSession(Request $request)
+    {
+        if (!$request->hasSession() || !$request->hasPreviousSession()) {
+            return;
+        }
+        // Destroying the old session is broken in php 5.4.0 - 5.4.10
+        // See https://bugs.php.net/63379
+        $destroy = \PHP_VERSION_ID < 50400 || \PHP_VERSION_ID >= 50411;
+        $request->getSession()->migrate($destroy);
+    }
 }
