Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[HttpFoundation] Fix invalid ID not regenerated with native PHP file sessions#47130
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
derrabus left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Thank you for your PR. Would it be possible to add a test that reproduces the bug you're attempting to fix? I'd like to make sure we don't reintroduce it in the future.
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.phpShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
ghost commentedJul 31, 2022
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
LGTM, here are some final notes
src/Symfony/Component/HttpFoundation/Session/Storage/Handler/StrictSessionHandler.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/HttpFoundation/Session/Storage/Proxy/SessionHandlerProxy.phpShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Proxy/SessionHandlerProxyTest.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Proxy/SessionHandlerProxyTest.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
ghost left a comment• edited by ghost
Loading Uh oh!
There was an error while loading.Please reload this page.
edited by ghost
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Maybe we should use a more intuitive name for the method? LikeisInternalWrapper,wrapsInternalHandler,hasInternalHandler. What do you think@nicolas-grekas? In my opinion, this makes the method more understandable.
/** * Returns true if this handler wraps an internal PHP session save handler using \SessionHandler. * * @internal */- public function isWrapper(): bool+ public function isInternalWrapper(): bool { return $this->handler instanceof \SessionHandler; }
/** * Returns true if this handler wraps an internal PHP session save handler using \SessionHandler. * * @internal */- public function isWrapper(): bool+ public function wrapsInternalHandler(): bool { return $this->handler instanceof \SessionHandler; }
/** * Returns true if this handler wraps an internal PHP session save handler using \SessionHandler. * * @internal */- public function isWrapper(): bool+ public function hasInternalHandler(): bool { return $this->handler instanceof \SessionHandler; }
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I'm fine with isWrapper: this is what AbstractProxy uses already for the same thing
nicolas-grekas commentedAug 1, 2022
Thank you@brokensourcecode. |
Uh oh!
There was an error while loading.Please reload this page.
Inside the
SessionHandlerProxyclass, the code defines$this->saveHandlerNameto\ini_get('session.save_handler')when$handleris an instance of\SessionHandler.symfony/src/Symfony/Component/HttpFoundation/Session/Storage/Proxy/SessionHandlerProxy.php
Lines 24 to 25 in818d4dd
But inside the
NativeSessionStorageclass, the code create an instance ofStrictSessionHandlerthat doesn't inherit from\SessionHandlerand is passed to theSessionHandlerProxyconstructor.symfony/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
Lines 422 to 424 in818d4dd
Therefore, we could create a
isWrapper()method inside theStrictSessionHandlerclass to check if the wrapped handler is an internal PHP session handler (\SessionHandler), just likeAbstractProxy::isWrapper().That's the only solution I have in mind right now.