[HttpKernel] fix session tracking in surrogate master requests

nicolas-grekas · nicolas-grekas · commit a15c14ebc6e8 · 2018-06-01T15:34:01.000+02:00
diff --git a/src/Symfony/Component/HttpFoundation/Session/Session.php b/src/Symfony/Component/HttpFoundation/Session/Session.php
@@ -29,7 +29,7 @@ class Session implements SessionInterface, \IteratorAggregate, \Countable
     private $flashName;
     private $attributeName;
     private $data = array();
-    private $hasBeenStarted;
+    private $usageIndex = 0;
 
     /**
      * @param SessionStorageInterface $storage    A SessionStorageInterface instance
@@ -54,6 +54,8 @@ public function __construct(SessionStorageInterface $storage = null, AttributeBa
      */
     public function start()
     {
+        ++$this->usageIndex;
+
         return $this->storage->start();
     }
 
@@ -142,13 +144,13 @@ public function count()
     }
 
     /**
-     * @return bool
+     * @return int
      *
      * @internal
      */
-    public function hasBeenStarted()
+    public function getUsageIndex()
     {
-        return $this->hasBeenStarted;
+        return $this->usageIndex;
     }
 
     /**
@@ -158,6 +160,7 @@ public function hasBeenStarted()
      */
     public function isEmpty()
     {
+        ++$this->usageIndex;
         foreach ($this->data as &$data) {
             if (!empty($data)) {
                 return false;
@@ -182,6 +185,8 @@ public function invalidate($lifetime = null)
      */
     public function migrate($destroy = false, $lifetime = null)
     {
+        ++$this->usageIndex;
+
         return $this->storage->regenerate($destroy, $lifetime);
     }
 
@@ -190,6 +195,8 @@ public function migrate($destroy = false, $lifetime = null)
      */
     public function save()
     {
+        ++$this->usageIndex;
+
         $this->storage->save();
     }
 
@@ -230,6 +237,8 @@ public function setName($name)
      */
     public function getMetadataBag()
     {
+        ++$this->usageIndex;
+
         return $this->storage->getMetadataBag();
     }
 
@@ -238,7 +247,7 @@ public function getMetadataBag()
      */
     public function registerBag(SessionBagInterface $bag)
     {
-        $this->storage->registerBag(new SessionBagProxy($bag, $this->data, $this->hasBeenStarted));
+        $this->storage->registerBag(new SessionBagProxy($bag, $this->data, $this->usageIndex));
     }
 
     /**
diff --git a/src/Symfony/Component/HttpFoundation/Session/SessionBagProxy.php b/src/Symfony/Component/HttpFoundation/Session/SessionBagProxy.php
@@ -20,20 +20,22 @@ final class SessionBagProxy implements SessionBagInterface
 {
     private $bag;
     private $data;
-    private $hasBeenStarted;
+    private $usageIndex;
 
-    public function __construct(SessionBagInterface $bag, array &$data, &$hasBeenStarted)
+    public function __construct(SessionBagInterface $bag, array &$data, &$usageIndex)
     {
         $this->bag = $bag;
         $this->data = &$data;
-        $this->hasBeenStarted = &$hasBeenStarted;
+        $this->usageIndex = &$usageIndex;
     }
 
     /**
      * @return SessionBagInterface
      */
     public function getBag()
     {
+        ++$this->usageIndex;
+
         return $this->bag;
     }
 
@@ -42,6 +44,8 @@ public function getBag()
      */
     public function isEmpty()
     {
+        ++$this->usageIndex;
+
         return empty($this->data[$this->bag->getStorageKey()]);
     }
 
@@ -58,7 +62,7 @@ public function getName()
      */
     public function initialize(array &$array)
     {
-        $this->hasBeenStarted = true;
+        ++$this->usageIndex;
         $this->data[$this->bag->getStorageKey()] = &$array;
 
         $this->bag->initialize($array);
@@ -77,6 +81,8 @@ public function getStorageKey()
      */
     public function clear()
     {
+        ++$this->usageIndex;
+
         return $this->bag->clear();
     }
 }
diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
@@ -25,6 +25,8 @@
  */
 abstract class AbstractSessionListener implements EventSubscriberInterface
 {
+    private $sessionUsageStack = array();
+
     public function onKernelRequest(GetResponseEvent $event)
     {
         if (!$event->isMasterRequest()) {
@@ -33,6 +35,7 @@ public function onKernelRequest(GetResponseEvent $event)
 
         $request = $event->getRequest();
         $session = $this->getSession();
+        $this->sessionUsageStack[] = $session instanceof Session ? $session->getUsageIndex() : null;
         if (null === $session || $request->hasSession()) {
             return;
         }
@@ -50,20 +53,29 @@ public function onKernelResponse(FilterResponseEvent $event)
             return;
         }
 
-        if ($session->isStarted() || ($session instanceof Session && $session->hasBeenStarted())) {
+        if ($session instanceof Session ? $session->getUsageIndex() !== end($this->sessionUsageStack) : $session->isStarted()) {
             $event->getResponse()
                 ->setPrivate()
                 ->setMaxAge(0)
                 ->headers->addCacheControlDirective('must-revalidate');
         }
     }
 
+    /**
+     * @internal
+     */
+    public function onFinishRequest()
+    {
+        array_pop($this->sessionUsageStack);
+    }
+
     public static function getSubscribedEvents()
     {
         return array(
             KernelEvents::REQUEST => array('onKernelRequest', 128),
             // low priority to come after regular response listeners, same as SaveSessionListener
             KernelEvents::RESPONSE => array('onKernelResponse', -1000),
+            KernelEvents::FINISH_REQUEST => array('onFinishRequest'),
         );
     }
 
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
@@ -58,8 +58,7 @@ public function testSessionIsSet()
     public function testResponseIsPrivate()
     {
         $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
-        $session->expects($this->once())->method('isStarted')->willReturn(false);
-        $session->expects($this->once())->method('hasBeenStarted')->willReturn(true);
+        $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
 
         $container = new Container();
         $container->set('session', $session);
@@ -76,4 +75,38 @@ public function testResponseIsPrivate()
         $this->assertTrue($response->headers->hasCacheControlDirective('must-revalidate'));
         $this->assertSame('0', $response->headers->getCacheControlDirective('max-age'));
     }
+
+    public function testSurrogateMasterRequestIsPublic()
+    {
+        $session = $this->getMockBuilder(Session::class)->disableOriginalConstructor()->getMock();
+        $session->expects($this->exactly(4))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1, 1, 1));
+
+        $container = new Container();
+        $container->set('session', $session);
+
+        $listener = new SessionListener($container);
+        $kernel = $this->getMockBuilder(HttpKernelInterface::class)->disableOriginalConstructor()->getMock();
+
+        $request = new Request();
+        $response = new Response();
+        $response->setCache(array('public' => true, 'max_age' => '30'));
+        $listener->onKernelRequest(new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST));
+        $this->assertTrue($request->hasSession());
+
+        $subRequest = clone $request;
+        $this->assertSame($request->getSession(), $subRequest->getSession());
+        $listener->onKernelRequest(new GetResponseEvent($kernel, $subRequest, HttpKernelInterface::MASTER_REQUEST));
+        $listener->onKernelResponse(new FilterResponseEvent($kernel, $subRequest, HttpKernelInterface::MASTER_REQUEST, $response));
+        $listener->onFinishRequest();
+
+        $this->assertFalse($response->headers->hasCacheControlDirective('private'));
+        $this->assertFalse($response->headers->hasCacheControlDirective('must-revalidate'));
+        $this->assertSame('30', $response->headers->getCacheControlDirective('max-age'));
+
+        $listener->onKernelResponse(new FilterResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST, $response));
+
+        $this->assertTrue($response->headers->hasCacheControlDirective('private'));
+        $this->assertTrue($response->headers->hasCacheControlDirective('must-revalidate'));
+        $this->assertSame('0', $response->headers->getCacheControlDirective('max-age'));
+   }
 }
diff --git a/src/Symfony/Component/HttpKernel/composer.json b/src/Symfony/Component/HttpKernel/composer.json
@@ -18,7 +18,7 @@
     "require": {
         "php": "^5.5.9|>=7.0.8",
         "symfony/event-dispatcher": "~2.8|~3.0|~4.0",
-        "symfony/http-foundation": "^3.4.4|^4.0.4",
+        "symfony/http-foundation": "~3.4.12|~4.0.12|^4.1.1",
         "symfony/debug": "~2.8|~3.0|~4.0",
         "symfony/polyfill-ctype": "~1.8",
         "psr/log": "~1.0"

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ class Session implements SessionInterface, \IteratorAggregate, \Countable`
`29`	`29`	`private $flashName;`
`30`	`30`	`private $attributeName;`
`31`	`31`	`private $data = array();`
`32`		`- private $hasBeenStarted;`
	`32`	`+ private $usageIndex = 0;`
`33`	`33`
`34`	`34`	`/**`
`35`	`35`	`* @param SessionStorageInterface $storage A SessionStorageInterface instance`
`@@ -54,6 +54,8 @@ public function __construct(SessionStorageInterface $storage = null, AttributeBa`
`54`	`54`	`*/`
`55`	`55`	`public function start()`
`56`	`56`	`{`
	`57`	`+ ++$this->usageIndex;`
	`58`	`+`
`57`	`59`	`return $this->storage->start();`
`58`	`60`	`}`
`59`	`61`
`@@ -142,13 +144,13 @@ public function count()`
`142`	`144`	`}`
`143`	`145`
`144`	`146`	`/**`
`145`		`- * @return bool`
	`147`	`+ * @return int`
`146`	`148`	`*`
`147`	`149`	`* @internal`
`148`	`150`	`*/`
`149`		`- public function hasBeenStarted()`
	`151`	`+ public function getUsageIndex()`
`150`	`152`	`{`
`151`		`- return $this->hasBeenStarted;`
	`153`	`+ return $this->usageIndex;`
`152`	`154`	`}`
`153`	`155`
`154`	`156`	`/**`
`@@ -158,6 +160,7 @@ public function hasBeenStarted()`
`158`	`160`	`*/`
`159`	`161`	`public function isEmpty()`
`160`	`162`	`{`
	`163`	`+ ++$this->usageIndex;`
`161`	`164`	`foreach ($this->data as &$data) {`
`162`	`165`	`if (!empty($data)) {`
`163`	`166`	`return false;`
`@@ -182,6 +185,8 @@ public function invalidate($lifetime = null)`
`182`	`185`	`*/`
`183`	`186`	`public function migrate($destroy = false, $lifetime = null)`
`184`	`187`	`{`
	`188`	`+ ++$this->usageIndex;`
	`189`	`+`
`185`	`190`	`return $this->storage->regenerate($destroy, $lifetime);`
`186`	`191`	`}`
`187`	`192`
`@@ -190,6 +195,8 @@ public function migrate($destroy = false, $lifetime = null)`
`190`	`195`	`*/`
`191`	`196`	`public function save()`
`192`	`197`	`{`
	`198`	`+ ++$this->usageIndex;`
	`199`	`+`
`193`	`200`	`$this->storage->save();`
`194`	`201`	`}`
`195`	`202`
`@@ -230,6 +237,8 @@ public function setName($name)`
`230`	`237`	`*/`
`231`	`238`	`public function getMetadataBag()`
`232`	`239`	`{`
	`240`	`+ ++$this->usageIndex;`
	`241`	`+`
`233`	`242`	`return $this->storage->getMetadataBag();`
`234`	`243`	`}`
`235`	`244`
`@@ -238,7 +247,7 @@ public function getMetadataBag()`
`238`	`247`	`*/`
`239`	`248`	`public function registerBag(SessionBagInterface $bag)`
`240`	`249`	`{`
`241`		`- $this->storage->registerBag(new SessionBagProxy($bag, $this->data, $this->hasBeenStarted));`
	`250`	`+ $this->storage->registerBag(new SessionBagProxy($bag, $this->data, $this->usageIndex));`
`242`	`251`	`}`
`243`	`252`
`244`	`253`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -20,20 +20,22 @@ final class SessionBagProxy implements SessionBagInterface`
`20`	`20`	`{`
`21`	`21`	`private $bag;`
`22`	`22`	`private $data;`
`23`		`- private $hasBeenStarted;`
	`23`	`+ private $usageIndex;`
`24`	`24`
`25`		`- public function __construct(SessionBagInterface $bag, array &$data, &$hasBeenStarted)`
	`25`	`+ public function __construct(SessionBagInterface $bag, array &$data, &$usageIndex)`
`26`	`26`	`{`
`27`	`27`	`$this->bag = $bag;`
`28`	`28`	`$this->data = &$data;`
`29`		`- $this->hasBeenStarted = &$hasBeenStarted;`
	`29`	`+ $this->usageIndex = &$usageIndex;`
`30`	`30`	`}`
`31`	`31`
`32`	`32`	`/**`
`33`	`33`	`* @return SessionBagInterface`
`34`	`34`	`*/`
`35`	`35`	`public function getBag()`
`36`	`36`	`{`
	`37`	`+ ++$this->usageIndex;`
	`38`	`+`
`37`	`39`	`return $this->bag;`
`38`	`40`	`}`
`39`	`41`
`@@ -42,6 +44,8 @@ public function getBag()`
`42`	`44`	`*/`
`43`	`45`	`public function isEmpty()`
`44`	`46`	`{`
	`47`	`+ ++$this->usageIndex;`
	`48`	`+`
`45`	`49`	`return empty($this->data[$this->bag->getStorageKey()]);`
`46`	`50`	`}`
`47`	`51`
`@@ -58,7 +62,7 @@ public function getName()`
`58`	`62`	`*/`
`59`	`63`	`public function initialize(array &$array)`
`60`	`64`	`{`
`61`		`- $this->hasBeenStarted = true;`
	`65`	`+ ++$this->usageIndex;`
`62`	`66`	`$this->data[$this->bag->getStorageKey()] = &$array;`
`63`	`67`
`64`	`68`	`$this->bag->initialize($array);`
`@@ -77,6 +81,8 @@ public function getStorageKey()`
`77`	`81`	`*/`
`78`	`82`	`public function clear()`
`79`	`83`	`{`
	`84`	`+ ++$this->usageIndex;`
	`85`	`+`
`80`	`86`	`return $this->bag->clear();`
`81`	`87`	`}`
`82`	`88`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,8 @@`
`25`	`25`	`*/`
`26`	`26`	`abstract class AbstractSessionListener implements EventSubscriberInterface`
`27`	`27`	`{`
	`28`	`+ private $sessionUsageStack = array();`
	`29`	`+`
`28`	`30`	`public function onKernelRequest(GetResponseEvent $event)`
`29`	`31`	`{`
`30`	`32`	`if (!$event->isMasterRequest()) {`
`@@ -33,6 +35,7 @@ public function onKernelRequest(GetResponseEvent $event)`
`33`	`35`
`34`	`36`	`$request = $event->getRequest();`
`35`	`37`	`$session = $this->getSession();`
	`38`	`+ $this->sessionUsageStack[] = $session instanceof Session ? $session->getUsageIndex() : null;`
`36`	`39`	`if (null === $session \|\| $request->hasSession()) {`
`37`	`40`	`return;`
`38`	`41`	`}`
`@@ -50,20 +53,29 @@ public function onKernelResponse(FilterResponseEvent $event)`
`50`	`53`	`return;`
`51`	`54`	`}`
`52`	`55`
`53`		`- if ($session->isStarted() \|\| ($session instanceof Session && $session->hasBeenStarted())) {`
	`56`	`+ if ($session instanceof Session ? $session->getUsageIndex() !== end($this->sessionUsageStack) : $session->isStarted()) {`
`54`	`57`	`$event->getResponse()`
`55`	`58`	`->setPrivate()`
`56`	`59`	`->setMaxAge(0)`
`57`	`60`	`->headers->addCacheControlDirective('must-revalidate');`
`58`	`61`	`}`
`59`	`62`	`}`
`60`	`63`
	`64`	`+ /**`
	`65`	`+ * @internal`
	`66`	`+ */`
	`67`	`+ public function onFinishRequest()`
	`68`	`+ {`
	`69`	`+ array_pop($this->sessionUsageStack);`
	`70`	`+ }`
	`71`	`+`
`61`	`72`	`public static function getSubscribedEvents()`
`62`	`73`	`{`
`63`	`74`	`return array(`
`64`	`75`	`KernelEvents::REQUEST => array('onKernelRequest', 128),`
`65`	`76`	`// low priority to come after regular response listeners, same as SaveSessionListener`
`66`	`77`	`KernelEvents::RESPONSE => array('onKernelResponse', -1000),`
	`78`	`+ KernelEvents::FINISH_REQUEST => array('onFinishRequest'),`
`67`	`79`	`);`
`68`	`80`	`}`
`69`	`81`