NativeSessionStorage::regenerate bug #7380
This PR was merged into the 2.2 branch.

Discussion
----------

[HttpFoundation] fixed issue with session_regenerate_id (closes #7380)

| Q | A |
| ------------- | --- |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #7380 |
| License | MIT |
| Doc PR | n/a |

Commits
-------

77f2aa8 [HttpFoundation] fixed issue with session_regenerate_id (closes #7380)
This patch broke sessions completely for me when it got pulled in with release 2.2.3. From what I can tell, every time something is written to a session (e.g. a user login with FOSUserBundle), a new session is now created before the response is served. This way I can no longer log in on my site. Navigating on static pages however seems to keep the session intact. I am maintaining sessions in Memcache identical to this configuration under PHP 5.3.10 executing with php-fpm under nginx, running on Ubuntu 12.04 LTS Server. Let me know if you need additional info.

@fabpot This patch introduces a showstopper bug from 2.2.3 onwards for my projects. What course of action do you propose (other than staying on 2.2.2 for now)?
* 2.2: [Form] fixed INF usage which does not work on Solaris (closes #8246) Fix grammar bumped Symfony version to 2.2.4 updated VERSION for 2.2.3 update CONTRIBUTORS for 2.2.3 updated CHANGELOG for 2.2.3 [Process] Disable exception on stream_select timeout [HttpFoundation] fixed issue with session_regenerate_id (closes #7380) [DomCrawler] added a note about the default charset [Console] fixed regression when calling a command foo:bar if there is another one like foo:bar:baz (closes #8245) force the Content-Type to html in the web profiler controllers Conflicts: src/Symfony/Component/HttpKernel/Kernel.php
* 2.3: (33 commits) [Form] fixed INF usage which does not work on Solaris (closes #8246) Fix grammar Removed PHP 5.5 from the allowed failures. [Intl] Fixed tests failing on PHP 5.5 bumped Symfony version to 2.2.4 updated VERSION for 2.2.3 update CONTRIBUTORS for 2.2.3 updated CHANGELOG for 2.2.3 [DependencyInjection] Replaced try/catch block with an @ExpectedException annotation in a test. [CssSelector] tweaked README file (closes #8287) added a node about HTML extension in readme [Console] Fixed the table rendering with multi-byte strings. Feature/fix unit tests [Process] Disable exception on stream_select timeout [HttpFoundation] fixed issue with session_regenerate_id (closes #7380) [DomCrawler] added a note about the default charset Throw exception if value is passed to VALUE_NONE input, long syntax fixed date type format pattern regex [Security] fixed usage of the salt for the bcrypt encoder (refs #8210) [FrameworkBundle] tweaked previous merge (refs #8242) ... Conflicts: src/Symfony/Component/HttpKernel/Kernel.php
@advancingu Downgrading to 2.2.2 is the way to go for now. I'm still investigating the issue.

+1

+1. I got the same issue.

I'm currently using Symfony 2.3.1 --> works :-)

@simonchrz What configuration are you using for session management? Did you observe the issue in 2.2.3 and then it went away when upgrading to 2.3.1?

This definitely breaks when upgrading to Symfony 2.3.3 when you are using memcache sessions. Downgrading to <= 2.2.2 resolves the issue.

I'm encountering the same issue in Symfony 2.3.3 when using session.handler.memcache. Downgrading to 2.3.1 or using session.handler.native_file resolves the issue.
…/redis session storage Per https://bugs.php.net/bug.php?id=61470, and in fixing symfony#7380, the following error occurs when using a Memcache or Redis session store w/ Symfony security: "Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.)". This patch applies the first fix only if the session store is "files"
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #8776).

Discussion
----------

{HttpFoundation] [Session] fixed session compatibility with memcached/re... ...dis session storage

| Q | A |
| ------------- | --- |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | no (no new failing/errors introduced) |
| Fixed tickets | 7380 |
| License | MIT |

Per https://bugs.php.net/bug.php?id=61470, and in fixing #7380, the following error occurs when using a Memcache or Redis session store w/ Symfony security: "Authentication exception occurred; redirecting to authentication entry point (A Token was not found in the SecurityContext.)". This patch applies the first fix only if the session store is "files"

Commits
-------

eb8d8eb {HttpFoundation] [Session] fixed session compatibility with memcached/redis session storage
The original issue symfony#7380 was just caused because the developer missed to save the session before doing the redirect. That's all. This reverts symfony#8270 and following.
This PR was merged into the 2.3 branch.

Discussion
----------

[Session] remove invalid hack in session regenerate

| Q | A |
| ------------- | --- |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | - |
| License | MIT |
| Doc PR | - |

The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. Such mistakes won't happen anymore with #12341

This reverts #8270 and following. Also it makes absolutely no sense to do this only for the `files` save handler which creates huge inconsistencies. All save handlers are affected and it's more a documentation thing.

Commits
-------

703d906 [Session] remove invalid workaround in session regenerate
`Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage::regenerate` calls `session_regenerate_id`. `session_regenerate_id` does not create and lock the new session file until the script terminates.
It's a PHP bug (https://bugs.php.net/bug.php?id=61470&edit=1) that persists in PHP 5.3 and 5.4, so using `session_regenerate_id` is undesirable.
For example, I authenticate the user in a controller, so I call `$this->sessionStrategy->onAuthentication($this->container->get('request'), $token);` which calls `session_regenerate_id`. But if I am using swiftmailer with a memory spool and redirect the user after authentication in the controller like this:
Session data is empty if the browser opens the new location before the script terminates, so the user is not authenticated. But after waiting some time and refreshing the page, the user becomes authenticated.
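
The ordering problem reported in this issue, and the "save the session before doing the redirect" resolution quoted in the thread, shown as an added plain-PHP example; it is not code from the issue, the patches, or Symfony. `finishLogin()`, `sendSpooledMail()` and the `user_id` key are hypothetical names, and the slow mail flush is simulated with `sleep()`.

```php
<?php
// Added example (not Symfony's code). All function names and the
// 'user_id' session key are hypothetical.

// Stand-in for slow work done after the response, such as flushing
// a mail spool held in memory.
function sendSpooledMail(): void
{
    sleep(3);
}

// $redirectTo is assumed to be an application-controlled path.
function finishLogin(string $userId, string $redirectTo): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // Issue a fresh session ID at the privilege change (session fixation
    // defence). Passing true also deletes the old session's data.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;

    // Persist and unlock the session NOW. Without this call PHP writes the
    // session at shutdown, i.e. after sendSpooledMail(), and a browser that
    // follows the redirect first reads a session with no user in it.
    session_write_close();

    header('Location: ' . $redirectTo, true, 302);

    // Under PHP-FPM this hands the response to the client immediately while
    // the script keeps running, which is what opens the race window.
    if (function_exists('fastcgi_finish_request')) {
        fastcgi_finish_request();
    }

    sendSpooledMail();
}
```

Removing the `session_write_close()` call reproduces the symptom described above: the redirected request arrives unauthenticated, and a refresh a few seconds later succeeds. The write-before-redirect ordering does not depend on which save handler is in use.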