From f54d96926acfd29e78205525bb5f3a09d923147a Mon Sep 17 00:00:00 2001
From: Chris Wilkinson <c.wilkinson@elifesciences.org>
Date: Wed, 20 Jun 2018 16:02:10 +0100
Subject: [PATCH] [HttpKernel] Make AbstractTestSessionListener compatible with
 CookieClearingLogoutHandler

---
 .../AbstractTestSessionListener.php           |  7 ++++
 .../EventListener/TestSessionListenerTest.php | 34 +++++++++++++++++--
 2 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
index 82061fd6ea..75f810e988 100644
--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractTestSessionListener.php
@@ -71,6 +71,13 @@ abstract class AbstractTestSessionListener implements EventSubscriberInterface
 
         if ($session instanceof Session ? !$session->isEmpty() || (null !== $this->sessionId && $session->getId() !== $this->sessionId) : $wasStarted) {
             $params = session_get_cookie_params();
+
+            foreach ($event->getResponse()->headers->getCookies() as $cookie) {
+                if ($session->getName() === $cookie->getName() && $params['path'] === $cookie->getPath() && $params['domain'] == $cookie->getDomain()) {
+                    return;
+                }
+            }
+
             $event->getResponse()->headers->setCookie(new Cookie($session->getName(), $session->getId(), 0 === $params['lifetime'] ? 0 : time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly']));
             $this->sessionId = $session->getId();
         }
diff --git a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
index 22a2b71239..01f0a3b864 100644
--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/TestSessionListenerTest.php
@@ -106,6 +106,36 @@ class TestSessionListenerTest extends TestCase
         $this->assertNotEmpty($response->headers->getCookies());
     }
 
+    /**
+     * @dataProvider anotherCookieProvider
+     */
+    public function testSessionWithNewSessionIdAndNewCookieDoesNotSendAnotherCookie($existing, array $expected)
+    {
+        $this->sessionHasBeenStarted();
+        $this->sessionIsEmpty();
+        $this->fixSessionId('456');
+
+        $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
+        $request = Request::create('/', 'GET', array(), array('MOCKSESSID' => '123'));
+        $event = new GetResponseEvent($kernel, $request, HttpKernelInterface::MASTER_REQUEST);
+        $this->listener->onKernelRequest($event);
+
+        $response = new Response('', 200, array('Set-Cookie' => $existing));
+
+        $response = $this->filterResponse(new Request(), HttpKernelInterface::MASTER_REQUEST, $response);
+
+        $this->assertSame($expected, $response->headers->get('Set-Cookie', null, false));
+    }
+
+    public function anotherCookieProvider()
+    {
+        return array(
+            'same' => array('MOCKSESSID=789; path=/', array('MOCKSESSID=789; path=/')),
+            'different domain' => array('MOCKSESSID=789; path=/; domain=example.com', array('MOCKSESSID=789; path=/; domain=example.com', 'MOCKSESSID=456; path=/')),
+            'different path' => array('MOCKSESSID=789; path=/foo', array('MOCKSESSID=789; path=/foo', 'MOCKSESSID=456; path=/')),
+        );
+    }
+
     public function testUnstartedSessionIsNotSave()
     {
         $this->sessionHasNotBeenStarted();
@@ -123,10 +153,10 @@ class TestSessionListenerTest extends TestCase
         $this->assertFalse(is_subclass_of(TestSessionListener::class, ServiceSubscriberInterface::class, 'Implementing ServiceSubscriberInterface would create a dep on the DI component, which eg Silex cannot afford'));
     }
 
-    private function filterResponse(Request $request, $type = HttpKernelInterface::MASTER_REQUEST)
+    private function filterResponse(Request $request, $type = HttpKernelInterface::MASTER_REQUEST, Response $response = null)
     {
         $request->setSession($this->session);
-        $response = new Response();
+        $response = $response ?: new Response();
         $kernel = $this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock();
         $event = new FilterResponseEvent($kernel, $request, $type, $response);