Skip to content

Commit

Permalink
[HttpKernel] Use the existing session id if available.
Browse files Browse the repository at this point in the history
  • Loading branch information
@trsteel88 @nicolas-grekas
trsteel88 authored and nicolas-grekas committed Apr 12, 2022
1 parent 8a2ad2a commit d6cb5bb
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 12 deletions.
20 changes: 10 additions & 10 deletions EventListener/AbstractSessionListener.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,17 +72,17 @@ public function onKernelRequest(RequestEvent $event)
$request->setSessionFactory(function () use (&$sess, $request) {
if (!$sess) {
$sess = $this->getSession();
}

/*
* For supporting sessions in php runtime with runners like roadrunner or swoole, the session
* cookie needs to be read from the cookie bag and set on the session storage.
*
* Do not set it when a native php session is active.
*/
if ($sess && !$sess->isStarted() && \PHP_SESSION_ACTIVE !== session_status()) {
$sessionId = $request->cookies->get($sess->getName(), '');
$sess->setId($sessionId);
/*
* For supporting sessions in php runtime with runners like roadrunner or swoole, the session
* cookie needs to be read from the cookie bag and set on the session storage.
*
* Do not set it when a native php session is active.
*/
if ($sess && !$sess->isStarted() && \PHP_SESSION_ACTIVE !== session_status()) {
$sessionId = $sess->getId() ?: $request->cookies->get($sess->getName(), '');
$sess->setId($sessionId);
}
}

return $sess;
Expand Down
38 changes: 36 additions & 2 deletions Tests/EventListener/SessionListenerTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,40 @@ public function testSessionCookieNotWrittenCookieGiven()
$this->assertCount(0, $cookies);
}

/**
* @runInSeparateProcess
*/
public function testNewSessionIdIsNotOverwritten()
{
$newSessionId = $this->createValidSessionId();

$this->assertNotEmpty($newSessionId);

$request = new Request();
$request->cookies->set('PHPSESSID', 'OLD-SESSION-ID');

$listener = $this->createListener($request, new NativeSessionStorageFactory());

$kernel = $this->createMock(HttpKernelInterface::class);
$listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));

$session = $request->getSession();
$this->assertSame($newSessionId, $session->getId());
$session->set('hello', 'world');

$response = new Response();
$listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
$this->assertSame($newSessionId, $session->getId());

$cookies = $response->headers->getCookies();

$this->assertCount(1, $cookies);
$sessionCookie = $cookies[0];

$this->assertSame('PHPSESSID', $sessionCookie->getName());
$this->assertSame($newSessionId, $sessionCookie->getValue());
}

/**
* @runInSeparateProcess
*/
Expand Down Expand Up @@ -488,7 +522,7 @@ public function testUninitializedSessionWithoutInitializedSession()
public function testSurrogateMainRequestIsPublic()
{
$session = $this->createMock(Session::class);
$session->expects($this->exactly(2))->method('getName')->willReturn('PHPSESSID');
$session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
$session->expects($this->exactly(4))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1, 1, 1));

$container = new Container();
Expand Down Expand Up @@ -528,7 +562,7 @@ public function testSurrogateMainRequestIsPublic()
public function testGetSessionIsCalledOnce()
{
$session = $this->createMock(Session::class);
$session->expects($this->exactly(2))->method('getName')->willReturn('PHPSESSID');
$session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
$sessionStorage = $this->createMock(NativeSessionStorage::class);
$kernel = $this->createMock(KernelInterface::class);

Expand Down

0 comments on commit d6cb5bb

Please sign in to comment.