[Security] Don't destroy the session on buggy php releases.
parent
1201853b55
commit
5d0b527dea
@ -47,7 +47,10 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
case self::MIGRATE:
|
case self::MIGRATE:
|
||||||
$request->getSession()->migrate(true);
|
// Destroying the old session is broken in php 5.4.0 - 5.4.10
|
||||||
|
// See php bug #63379
|
||||||
|
$destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
|
||||||
|
$request->getSession()->migrate($destroy);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
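Review bot: The comment added in the `MIGRATE` case explains why destruction is skipped but not what that costs. On PHP 5.4.0 - 5.4.10 `migrate($destroy)` is called with `false`, so the pre-login session presumably stays in storage under its old id until garbage collection removes it. That trade-off is worth stating next to the workaround, e.g. `// On these versions the old session is left for GC instead of being destroyed; the id is still regenerated.` A `// TODO: drop once PHP 5.4.0 - 5.4.10 is no longer supported` line would also keep the version check from outliving the bug. The enclosing method begins and ends outside the hunk, so the handling of the other strategies is not visible here.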
|
@ -39,6 +39,10 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
|
|||||||
|
|
||||||
public function testSessionIsMigrated()
|
public function testSessionIsMigrated()
|
||||||
{
|
{
|
||||||
|
if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) {
|
||||||
|
$this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.');
|
||||||
|
}
|
||||||
|
|
||||||
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
||||||
$session->expects($this->once())->method('migrate')->with($this->equalTo(true));
|
$session->expects($this->once())->method('migrate')->with($this->equalTo(true));
|
||||||
|
|
||||||
@ -46,6 +50,19 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
|
|||||||
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
|
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSessionIsMigratedWithPhp54Workaround()
|
||||||
|
{
|
||||||
|
if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) {
|
||||||
|
$this->markTestSkipped('This PHP version is not affected.');
|
||||||
|
}
|
||||||
|
|
||||||
|
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
||||||
|
$session->expects($this->once())->method('migrate')->with($this->equalTo(false));
|
||||||
|
|
||||||
|
$strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
|
||||||
|
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
|
||||||
|
}
|
||||||
|
|
||||||
public function testSessionIsInvalidated()
|
public function testSessionIsInvalidated()
|
||||||
{
|
{
|
||||||
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
||||||
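Review bot: `testSessionIsMigratedWithPhp54Workaround` skips itself on every PHP outside 5.4.0 - 5.4.10, so the `migrate(false)` path is only verified when the suite runs on one of those releases, and nothing visible here shows that it does. The version range is also now written out three times (the strategy and both tests), so an edit to one can silently leave the others stale. A docblock on the new test would record the link, e.g. `/** Covers the php bug #63379 workaround; keep the version range in sync with SessionAuthenticationStrategy::onAuthentication(). */`.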
|