[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()
This closes #774, and fixes #772.
parent
c3084050a0
commit
362b7264d1
@ -120,6 +120,10 @@ beta1 to beta2
|
|||||||
'allow_add' => true,
|
'allow_add' => true,
|
||||||
'allow_delete' => true,
|
'allow_delete' => true,
|
||||||
));
|
));
|
||||||
|
|
||||||
|
* Request::hasSession() has been renamed to Request::hasPreviousSession(). The
|
||||||
|
method hasSession() still exists, but only checks if the request contains a
|
||||||
|
session object, not if the session was started in a previous request.
|
||||||
|
|
||||||
PR12 to beta1
|
PR12 to beta1
|
||||||
-------------
|
-------------
|
||||||
|
@ -67,7 +67,7 @@ class RequestListener
|
|||||||
}
|
}
|
||||||
|
|
||||||
// starts the session if a session cookie already exists in the request...
|
// starts the session if a session cookie already exists in the request...
|
||||||
if ($request->hasSession()) {
|
if ($request->hasPreviousSession()) {
|
||||||
$request->getSession()->start();
|
$request->getSession()->start();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -308,12 +308,28 @@ class Request
|
|||||||
return $this->session;
|
return $this->session;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function hasSession()
|
/**
|
||||||
|
* Whether the request contains a Session which was started in one of the
|
||||||
|
* previous requests.
|
||||||
|
*
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function hasPreviousSession()
|
||||||
{
|
{
|
||||||
// the check for $this->session avoids malicious users trying to fake a session cookie with proper name
|
// the check for $this->session avoids malicious users trying to fake a session cookie with proper name
|
||||||
return $this->cookies->has(session_name()) && null !== $this->session;
|
return $this->cookies->has(session_name()) && null !== $this->session;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether the request contains a Session object.
|
||||||
|
*
|
||||||
|
* @return boolean
|
||||||
|
*/
|
||||||
|
public function hasSession()
|
||||||
|
{
|
||||||
|
return null !== $this->session;
|
||||||
|
}
|
||||||
|
|
||||||
public function setSession(Session $session)
|
public function setSession(Session $session)
|
||||||
{
|
{
|
||||||
$this->session = $session;
|
$this->session = $session;
|
||||||
|
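Review bot: The docblock on `hasPreviousSession()` claims more than the method checks. `$this->cookies->has(session_name()) && null !== $this->session` only shows that the client sent a cookie under the session name and that a Session object is attached, not that the cookie's id refers to a session the server actually started. The inline comment about faked cookies has the same gap, because the cookie value is never inspected here. I would reword the docblock to `Whether the client sent a session cookie and a Session object is attached; the cookie value itself is not validated here.` and leave id validation to the session storage. Separately, `hasSession()` keeps its old name with a weaker meaning, so any caller not converted in this commit that gates on it will now also pass for requests without a session cookie; the `Request` class starts and ends outside this hunk, so other callers are not visible here.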
@ -62,7 +62,7 @@ class ContextListener implements ListenerInterface
|
|||||||
{
|
{
|
||||||
$request = $event->getRequest();
|
$request = $event->getRequest();
|
||||||
|
|
||||||
$session = $request->hasSession() ? $request->getSession() : null;
|
$session = $request->hasPreviousSession() ? $request->getSession() : null;
|
||||||
|
|
||||||
if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
|
if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
|
||||||
$this->context->setToken(null);
|
$this->context->setToken(null);
|
||||||
|