[Security][HttpFoundation] splits Request::hasSession() into hasSession(), and hasPreviousSession()
This closes #774, and fixes #772.
parent
c3084050a0
commit
362b7264d1
@ -120,6 +120,10 @@ beta1 to beta2
|
||||
'allow_add' => true,
|
||||
'allow_delete' => true,
|
||||
));
|
||||
|
||||
* Request::hasSession() has been renamed to Request::hasPreviousSession(). The
|
||||
method hasSession() still exists, but only checks if the request contains a
|
||||
session object, not if the session was started in a previous request.
|
||||
|
||||
PR12 to beta1
|
||||
-------------
|
||||
|
@ -67,7 +67,7 @@ class RequestListener
|
||||
}
|
||||
|
||||
// starts the session if a session cookie already exists in the request...
|
||||
if ($request->hasSession()) {
|
||||
if ($request->hasPreviousSession()) {
|
||||
$request->getSession()->start();
|
||||
}
|
||||
}
|
||||
|
@ -308,12 +308,28 @@ class Request
|
||||
return $this->session;
|
||||
}
|
||||
|
||||
public function hasSession()
|
||||
/**
|
||||
* Whether the request contains a Session which was started in one of the
|
||||
* previous requests.
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function hasPreviousSession()
|
||||
{
|
||||
// the check for $this->session avoids malicious users trying to fake a session cookie with proper name
|
||||
return $this->cookies->has(session_name()) && null !== $this->session;
|
||||
}
|
||||
|
||||
/**
|
||||
* Whether the request contains a Session object.
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public function hasSession()
|
||||
{
|
||||
return null !== $this->session;
|
||||
}
|
||||
|
||||
public function setSession(Session $session)
|
||||
{
|
||||
$this->session = $session;
|
||||
|
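Review bot: The docblock on hasPreviousSession() promises more than the body checks: `$this->cookies->has(session_name())` only shows that the client sent a cookie carrying the session name, not that its value matches a session this server ever created. Because that cookie is client-controlled, I would word the docblock as `Whether the request carries a session cookie and a Session object is set; the cookie value itself is not validated here.` so callers do not read a true result as proof of an existing session. The inline comment about faked cookies should say the same thing more narrowly, since the `null !== $this->session` test only covers requests that have no Session object attached. Whether an unknown or attacker-chosen ID is rejected presumably depends on the session storage behind `getSession()->start()`, which is not visible in this hunk.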
@ -62,7 +62,7 @@ class ContextListener implements ListenerInterface
|
||||
{
|
||||
$request = $event->getRequest();
|
||||
|
||||
$session = $request->hasSession() ? $request->getSession() : null;
|
||||
$session = $request->hasPreviousSession() ? $request->getSession() : null;
|
||||
|
||||
if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
|
||||
$this->context->setToken(null);
|
||||
|
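Review bot: The `$session = $request->hasPreviousSession() ? ...` line has no comment saying why the weaker hasSession() is not enough here, and the reason is security-relevant. With this check a request that carries no session cookie always reaches `$this->context->setToken(null)`, even when a Session object is attached, so the token is only ever read from a session the client announced. I would add `// only consult the session when the client presented a session cookie; otherwise treat the request as anonymous` above the line. The enclosing method starts and ends outside the hunk, so what is done with the token after the `if` cannot be checked from here.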