Commit 703d906

[Session] remove invalid workaround in session regenerate
The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. This reverts #8270 and following.
1 parent 20e7cf1 commit 703d906

2 files changed

+9
-17
lines changed

src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php

Lines changed: 1 addition & 17 deletions
@@ -206,23 +206,7 @@ public function regenerate($destroy = false, $lifetime = null)
206206
$this->metadataBag->stampNew();
207207
}
208208

209-
$ret = session_regenerate_id($destroy);
210-
211-
// workaround for https://bugs.php.net/bug.php?id=61470 as suggested by David Grudl
212-
if ('files' === $this->getSaveHandler()->getSaveHandlerName()) {
213-
session_write_close();
214-
if (isset($_SESSION)) {
215-
$backup = $_SESSION;
216-
session_start();
217-
$_SESSION = $backup;
218-
} else {
219-
session_start();
220-
}
221-
222-
$this->loadSession();
223-
}
224-
225-
return $ret;
209+
return session_regenerate_id($destroy);
226210
}
227211

228212
/**
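
Review bot: at the new `return session_regenerate_id($destroy);` line, the method no longer does anything to keep the session data attached to the new ID, yet nothing here tells a reader that the caller must save the session before the response carrying the new ID is sent. The only statement of that requirement is in the interface docblock, and both changed files are under src/, so no test accompanies the revert. I would add a one-line comment above the return pointing at the note in SessionStorageInterface::regenerate(), and a regression test that regenerates, saves, and then reads the data back under the new ID, so the scenario the commit message describes (save before redirect) is pinned down and the `files` handler workaround does not get reintroduced later.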

src/Symfony/Component/HttpFoundation/Session/Storage/SessionStorageInterface.php

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -88,6 +88,14 @@ public function setName($name);
8888
* Note regenerate+destroy should not clear the session data in memory
8989
* only delete the session data from persistent storage.
9090
*
91+
* Care: When regenerating the session ID no locking is involved in PHPs
92+
* session design. See https://bugs.php.net/bug.php?id=61470 for a discussion.
93+
* So you must make sure the regenerated session is saved BEFORE sending the
94+
* headers with the new ID. Symfonys HttpKernel offers a listener for this.
95+
* See Symfony\Component\HttpKernel\EventListener\SaveSessionListener.
96+
* Otherwise session data could get lost again for concurrent requests with the
97+
* new ID. One result could be that you get logged out after just logging in.
98+
*
9199
* @param bool $destroy Destroy session when regenerating?
92100
* @param int $lifetime Sets the cookie lifetime for the session cookie. A null value
93101
* will leave the system settings unchanged, 0 sets the cookie
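
Review bot: the added docblock paragraph (new lines 91 to 98) names SaveSessionListener from HttpKernel as the remedy, but this interface lives in HttpFoundation, so someone using the component on its own is told what can go wrong without being told what to do. I would state the action directly, for example that the session must be saved explicitly before a redirect or any other response that sends the new ID, and mention the listener as the case where this is already handled. Wording: "PHPs" and "Symfonys" need apostrophes ("PHP's", "Symfony's"), "Care:" would read better as "Note:" or "Warning:", and "could get lost again" refers to history that a reader of the interface does not have, so "could get lost" is enough.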
