[HttpFoundation] [Session] Invalid ID not regenerated with native PHP file sessions #46993

Closed
jevrard opened this issue Jul 20, 2022 · 5 comments

jevrard commented Jul 20, 2022

Symfony version(s) affected

6.1.2 and others

Description

I use native PHP file configuration for my session management and I want an invalid session ID to be replaced by a new one in order to avoid error #45755.

The solution was given by PR #46249, but the newer PR #46678 limits its application too much with the condition 'files' === $this->saveHandler->getSaveHandlerName().

Indeed, since #24523 the service session.handler.native_file wraps NativeFileSessionHandler into StrictSessionHandler, which does not extend \SessionHandler. So NativeSessionStorage wraps the handler in SessionHandlerProxy, and this one sets $this->saveHandlerName = 'user'.

How to reproduce

# php.ini
session.save_handler = files

Both

# framework.yml
framework:
    session:
        handler_id: session.handler.native_file
        storage_factory_id: session.storage.factory.native

and

# framework.yml
framework:
    session:
        handler_id: null
        storage_factory_id: session.storage.factory.native

produce a strict handler wrapped into a proxy handler which has saveHandlerName = user whereas sessions are managed by files.

Possible Solution

To get the wanted behaviour in my project, I create a custom handler which extends SessionHandlerProxy and wraps the chained NativeFileSessionHandler and StrictSessionHandler. The difference I make is to set saveHandlerName = 'files' in the proxy constructor.

Additional Context

No response
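
The behaviour reported above, as an added example that is not part of the original issue and is not Symfony's code. DemoStrictHandler, DemoProxy and DemoFilesProxy are hypothetical stand-ins for the classes the report names; the naming rule in DemoProxy (php.ini value for a \SessionHandler subclass, 'user' otherwise) is an assumption modelled on the report, and PHP 8.0+ is assumed.

```php
<?php
// Stand-in for StrictSessionHandler: implements the interface, does NOT extend \SessionHandler.
final class DemoStrictHandler implements \SessionHandlerInterface
{
    public function __construct(private \SessionHandlerInterface $inner) {}
    public function open(string $path, string $name): bool { return $this->inner->open($path, $name); }
    public function close(): bool { return $this->inner->close(); }
    public function read(string $id): string|false { return $this->inner->read($id); }
    public function write(string $id, string $data): bool { return $this->inner->write($id, $data); }
    public function destroy(string $id): bool { return $this->inner->destroy($id); }
    public function gc(int $max_lifetime): int|false { return $this->inner->gc($max_lifetime); }
}

// Stand-in for the proxy: only a \SessionHandler subclass inherits the php.ini handler name.
class DemoProxy
{
    protected string $saveHandlerName;

    public function __construct(protected \SessionHandlerInterface $handler, string $iniSaveHandler)
    {
        $this->saveHandlerName = $handler instanceof \SessionHandler ? $iniSaveHandler : 'user';
    }

    public function getSaveHandlerName(): string { return $this->saveHandlerName; }

    // The gate quoted in the report: invalid IDs are only replaced for the 'files' handler.
    public function invalidIdWouldBeReplaced(): bool { return 'files' === $this->getSaveHandlerName(); }
}

// The workaround from "Possible Solution": a proxy subclass that forces the name to 'files'.
final class DemoFilesProxy extends DemoProxy
{
    public function __construct(\SessionHandlerInterface $handler)
    {
        parent::__construct($handler, 'files');
        $this->saveHandlerName = 'files';
    }
}

$ini = 'files';                   // constructed: session.save_handler value from the report's php.ini
$native = new \SessionHandler();  // PHP's built-in handler; no session is started here
$cases = [
    'bare \SessionHandler' => new DemoProxy($native, $ini),
    'strict wrapper'       => new DemoProxy(new DemoStrictHandler($native), $ini),
    'workaround proxy'     => new DemoFilesProxy(new DemoStrictHandler($native)),
];
foreach ($cases as $label => $proxy) {
    printf("%-22s name=%-5s replace_invalid_id=%s\n", $label,
        $proxy->getSaveHandlerName(), var_export($proxy->invalidIdWouldBeReplaced(), true));
}
```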

@nicolas-grekas
Member

Could you please see if you could figure out a PR for this?

@benjamintoussaint

Hello,

I would like to know whether the choice of using \SessionHandler as opposed to \SessionHandlerInterface was made on purpose in this issue's merged patch, because I'm now experiencing an issue with Drupal 9.5.9, which relies on symfony/http-foundation:^4.4.7.

The issue is that Drupal implements Drupal\Core\Session\WriteSafeSessionHandler (view file) which extends \SessionHandlerInterface, causing \Symfony\Component\HttpFoundation\Session\Storage\Proxy\SessionHandlerProxy to fall back to the 'user' save handler name despite the patch from this very issue.

I was able to fix my issue by replacing \SessionHandlerProxy with \SessionHandlerInterface instead in:

Knowing that PHP \SessionHandler implements \SessionHandlerInterface: https://www.php.net/manual/en/class.sessionhandler.php#sessionhandler.synopsis

What do you think?

Thank you very much.

@benjamintoussaint

Hi @nicolas-grekas, I was wondering whether I should create a new bug to ask my question, or if asking here on a closed issue would have any visibility. Thank you!

@stof
Member

stof commented Nov 25, 2024

Please create a new issue

@benjamintoussaint

I've created a new issue: #59209.
