Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security] fixed session creation when none is needed (closes #6917) #6964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 4, 2013
Merged

[Security] fixed session creation when none is needed (closes #6917) #6964

merged 1 commit into from
Feb 4, 2013

Conversation

fabpot
Copy link
Member

@fabpot fabpot commented Feb 4, 2013

Q A
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #6917
License MIT
Doc PR n/a

@fabpot fabpot mentioned this pull request Feb 4, 2013
Closed
@ghost
Copy link

ghost commented Feb 4, 2013

That looks good. Maybe we need a test for this logic to prevent any regression in the future?

@bendavies
Copy link
Contributor

Yep, this was exactly what i tried locally, but really wasn't familiar enough with it to be confident enough to submit it as a fix.

Works for me!

@bendavies
Copy link
Contributor

A few test failures which were added by the breaking PR #2414 in the first place.

@fabpot
Copy link
Member Author

fabpot commented Feb 4, 2013

I've fixed the tests which now really test that the session is not started.

fabpot added a commit that referenced this pull request Feb 4, 2013
@fabpot
merged branch fabpot/avoid-session-creation (PR #6964)
3e2ff71 
This PR was merged into the 2.1 branch.

Commits
-------

8ca00c5 [Security] fixed session creation when none is needed (closes #6917)

Discussion
----------

[Security] fixed session creation when none is needed (closes #6917)

| Q             | A
| ------------- | ---
| Bug fix?      | yes
| New feature?  | no
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #6917
| License       | MIT
| Doc PR        | n/a

---------------------------------------------------------------------------

by drak at 2013-02-04T16:24:49Z

That looks good. Maybe we need a test for this logic to prevent any regression in the future?

---------------------------------------------------------------------------

by bendavies at 2013-02-04T16:30:38Z

Yep, this was exactly what i tried locally, but really wasn't familiar enough with it to be confident enough to submit it as a fix.

Works for me!

---------------------------------------------------------------------------

by bendavies at 2013-02-04T17:19:32Z

A few test failures which were added by the breaking PR #2414 in the first place.

---------------------------------------------------------------------------

by fabpot at 2013-02-04T18:00:31Z

I've fixed the tests which now really test that the session is not started.
@fabpot fabpot merged commit 8ca00c5 into symfony:2.1 Feb 4, 2013
@bendavies
Copy link
Contributor

Awesome, thanks.

@bendavies
Copy link
Contributor

@fabpot what is the process for this being merged to 2.2/master etc.?

@fabpot
Copy link
Member Author

fabpot commented Feb 5, 2013

it has been merged to 2.1 and will eventually be merged to 2.2 and master (probably in the next couple of days).

@bendavies
Copy link
Contributor

saw 2.1. wasn't sure about 2.2 and master. thanks!

Baachi
Baachi reviewed Feb 6, 2013
View reviewed changes
src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
$listener->onKernelResponse($event);

return $session;
}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo :)

@lightglitch
Copy link

This commit breaks an API where the first request is a "POST /login", in this case the authentication always fails, but on the second request it works.

@fabpot
Copy link
Member Author

fabpot commented Feb 7, 2013

@can you create a proper ticket so that we don't loose this regression? Thanks.

@lightglitch lightglitch mentioned this pull request Feb 7, 2013
Closed
@lightglitch
Copy link

@fabpot Done and adriensamson already implemented a fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@fabpot @bendavies @lightglitch @Baachi