[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()

This closes #774, and fixes #772.
2011-05-05 08:35:02 +02:00 · 2011-05-05 08:35:02 +02:00 · 362b7264d1
commit 362b7264d1
parent c3084050a0
4 changed files with 23 additions and 3 deletions
--- a/UPDATE.md
+++ b/UPDATE.md
@ -120,6 +120,10 @@ beta1 to beta2
          'allow_add' => true,
          'allow_delete' => true,
      ));
+      
+* Request::hasSession() has been renamed to Request::hasPreviousSession(). The
+  method hasSession() still exists, but only checks if the request contains a
+  session object, not if the session was started in a previous request.

 PR12 to beta1
 -------------
--- a/src/Symfony/Bundle/FrameworkBundle/RequestListener.php
+++ b/src/Symfony/Bundle/FrameworkBundle/RequestListener.php
@ -67,7 +67,7 @@ class RequestListener
        }

        // starts the session if a session cookie already exists in the request...
-        if ($request->hasSession()) {
+        if ($request->hasPreviousSession()) {
            $request->getSession()->start();
        }
    }
--- a/src/Symfony/Component/HttpFoundation/Request.php
+++ b/src/Symfony/Component/HttpFoundation/Request.php
@ -308,12 +308,28 @@ class Request
        return $this->session;
    }

-    public function hasSession()
+    /**
+     * Whether the request contains a Session which was started in one of the
+     * previous requests.
+     *
+     * @return boolean
+     */
+    public function hasPreviousSession()
    {
        // the check for $this->session avoids malicious users trying to fake a session cookie with proper name
        return $this->cookies->has(session_name()) && null !== $this->session;
    }

+    /**
+     * Whether the request contains a Session object.
+     *
+     * @return boolean
+     */
+    public function hasSession()
+    {
+        return null !== $this->session;
+    }
+
    public function setSession(Session $session)
    {
        $this->session = $session;
--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@ -62,7 +62,7 @@ class ContextListener implements ListenerInterface
    {
        $request = $event->getRequest();

-        $session = $request->hasSession() ? $request->getSession() : null;
+        $session = $request->hasPreviousSession() ? $request->getSession() : null;

        if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
            $this->context->setToken(null);