[HttpFoundation] NativeSessionStorage regenerate method wrongly sets storage as started
#15799
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The Session Storage should not be flagged as started if `session_regenerate_id` fails. A common use case would be to attempt regeneration before actually starting the session.
This is to avoid flagging the storage as started(done by `loadSession()`) if the regeneration fails. Also, PHP 7 will throw an error if a regeneration is attempted for non-active sessions.
regenerate wrongly sets storage as startedregenerate wrongly sets storage as started
regenerate wrongly sets storage as startedregenerate method wrongly sets storage as started
|
Updated title to follow contribution standards. |
|
👍 |
| @@ -195,6 +195,11 @@ public function setName($name) | |||
| */ | |||
| public function regenerate($destroy = false, $lifetime = null) | |||
| { | |||
| // Cannot regenerate the session ID for non-active sessions. | |||
| if ('' === session_id()) { | |||
There was a problem hiding this comment.
PHP 5.4 and newer should use session_status(). See start() method.
`session_status()` should be used in PHP >= 5.4 instead of `session_id()`.
|
👍 |
|
Status: Reviewed |
|
Thank you @iambrosi. |
fabpot
added a commit
that referenced
this pull request
Sep 28, 2015
…wrongly sets storage as started (iambrosi) This PR was squashed before being merged into the 2.3 branch (closes #15799). Discussion ---------- [HttpFoundation] NativeSessionStorage `regenerate` method wrongly sets storage as started | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | This PR fixes an error when regenerating session IDs for non-active sessions. Right now, the session is flagged as _started_, no matter if the session ID was successfully regenerated or not, making the storage [unable to _start the session_](https://github.com/symfony/symfony/blob/6393ec31690a3ecc73e5f1f7ea2185cda7aba203/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php#L130-L132) later on. This also fixes a future error with PHP 7, which throws an error if a regeneration is attempted for non-active sessions. ``` session_regenerate_id(): Cannot regenerate session id - session is not active ``` Commits ------- 8e6ef9c [HttpFoundation] NativeSessionStorage method wrongly sets storage as started
This was referenced Oct 27, 2015
Closed
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes an error when regenerating session IDs for non-active sessions.
Right now, the session is flagged as started, no matter if the session ID was successfully regenerated or not, making the storage unable to start the session later on.
This also fixes a future error with PHP 7, which throws an error if a regeneration is attempted for non-active sessions.