[Security] Don't destroy the session on buggy php releases.

Alexander M. Turek 2015-01-06 15:21:18 +01:00 committed by Fabien Potencier
parent 1201853b55
commit 5d0b527dea
2 changed files with 21 additions and 1 deletions


@ -47,7 +47,10 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
return;
case self::MIGRATE:
$request->getSession()->migrate(true);
// Destroying the old session is broken in php 5.4.0 - 5.4.10
// See php bug #63379
$destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
$request->getSession()->migrate($destroy);
return;
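Review bot: The comment above `$destroy` cites the PHP bug but not the security consequence of the workaround. On PHP 5.4.0 - 5.4.10 the MIGRATE case now calls `migrate(false)`, so the pre-authentication session is left in storage at login instead of being deleted. Assuming `migrate()` still regenerates the session ID when `$destroy` is false, the fixation defence holds, but the old ID probably stays resolvable until the save handler's garbage collection removes it. I would add a line such as `// The session ID is still regenerated; the old session data is only left for GC to remove.` so the flag is not read as harmless. The enclosing `switch` and its method start and end outside this hunk.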


@ -39,6 +39,10 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
public function testSessionIsMigrated()
{
if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) {
$this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.');
}
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
$session->expects($this->once())->method('migrate')->with($this->equalTo(true));
@ -46,6 +50,19 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
}
public function testSessionIsMigratedWithPhp54Workaround()
{
if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) {
$this->markTestSkipped('This PHP version is not affected.');
}
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
$session->expects($this->once())->method('migrate')->with($this->equalTo(false));
$strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
}
public function testSessionIsInvalidated()
{
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
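Review bot: In `testSessionIsMigratedWithPhp54Workaround` the expectation `->with($this->equalTo(false))` compares loosely, so a regression that passes `null`, `0` or an empty string to `migrate()` would still satisfy it. Using `->with($this->identicalTo(false))` pins the boolean, and the same applies to `equalTo(true)` in `testSessionIsMigrated`. Both tests are gated on the running `PHP_VERSION_ID`, so any single CI runtime exercises only one of the two branches. The workaround path therefore goes unverified unless a job on PHP 5.4.0 - 5.4.10 exists.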