[Security/Http] don't require the session to be started when tracking its id

nicolas-grekas · nicolas-grekas · commit c39188a7ccbc · 2020-03-17T22:55:56.000+01:00
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -115,10 +115,10 @@ public function authenticate(RequestEvent $event)
 
         if (null !== $session) {
             $usageIndexValue = method_exists(Request::class, 'getPreferredFormat') && $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0;
-            $sessionId = $session->getId();
+            $sessionId = $request->cookies->get($session->getName());
             $token = $session->get($this->sessionKey);
 
-            if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) {
+            if ($this->sessionTrackerEnabler && \in_array($sessionId, [true, $session->getId()], true)) {
                 $usageIndexReference = $usageIndexValue;
             }
         }
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/ContextListenerTest.php
@@ -344,6 +344,26 @@ public function testDeauthenticatedEvent()
         $this->assertNull($tokenStorage->getToken());
     }
 
+    /**
+     * @requires function \Symfony\Component\HttpFoundation\Request::getPreferredFormat
+     */
+    public function testWithPreviousNotStartedSession()
+    {
+        $session = new Session(new MockArraySessionStorage());
+
+        $request = new Request();
+        $request->setSession($session);
+        $request->cookies->set('MOCKSESSID', true);
+
+        $usageIndex = $session->getUsageIndex();
+
+        $tokenStorage = new TokenStorage();
+        $listener = new ContextListener($tokenStorage, [], 'context_key', null, null, null, [$tokenStorage, 'getToken']);
+        $listener(new RequestEvent($this->getMockBuilder(HttpKernelInterface::class)->getMock(), $request, HttpKernelInterface::MASTER_REQUEST));
+
+        $this->assertSame($usageIndex, $session->getUsageIndex());
+    }
+
     protected function runSessionOnKernelResponse($newToken, $original = null)
     {
         $session = new Session(new MockArraySessionStorage());

Original file line number	Diff line number	Diff line change
`@@ -115,10 +115,10 @@ public function authenticate(RequestEvent $event)`
`115`	`115`
`116`	`116`	`if (null !== $session) {`
`117`	`117`	`$usageIndexValue = method_exists(Request::class, 'getPreferredFormat') && $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0;`
`118`		`- $sessionId = $session->getId();`
	`118`	`+ $sessionId = $request->cookies->get($session->getName());`
`119`	`119`	`$token = $session->get($this->sessionKey);`
`120`	`120`
`121`		`- if ($this->sessionTrackerEnabler && $session->getId() === $sessionId) {`
	`121`	`+ if ($this->sessionTrackerEnabler && \in_array($sessionId, [true, $session->getId()], true)) {`
`122`	`122`	`$usageIndexReference = $usageIndexValue;`
`123`	`123`	`}`
`124`	`124`	`}`