[Security] Don't destroy the session on buggy php releases.
parent
1201853b55
commit
5d0b527dea
@ -47,7 +47,10 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
|
||||
return;
|
||||
|
||||
case self::MIGRATE:
|
||||
$request->getSession()->migrate(true);
|
||||
// Destroying the old session is broken in php 5.4.0 - 5.4.10
|
||||
// See php bug #63379
|
||||
$destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
|
||||
$request->getSession()->migrate($destroy);
|
||||
|
||||
return;
|
||||
|
||||
|
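Review bot: The comment above `$destroy` names the PHP bug but not what the fallback costs: on PHP 5.4.0 - 5.4.10 `migrate($destroy)` is called with `false`, so the pre-login session is presumably left in storage under its old id until it expires. A new id is still requested, but anyone relying on MIGRATE to invalidate the old id at login should know that this does not happen on those versions. I would add a line such as `// On these versions the old session is kept and only goes away through session expiry/GC.` under the bug reference. The enclosing switch starts and ends outside the hunk.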
@ -39,6 +39,10 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
|
||||
public function testSessionIsMigrated()
|
||||
{
|
||||
if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) {
|
||||
$this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.');
|
||||
}
|
||||
|
||||
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
||||
$session->expects($this->once())->method('migrate')->with($this->equalTo(true));
|
||||
|
||||
@ -46,6 +50,19 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
|
||||
}
|
||||
|
||||
public function testSessionIsMigratedWithPhp54Workaround()
|
||||
{
|
||||
if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) {
|
||||
$this->markTestSkipped('This PHP version is not affected.');
|
||||
}
|
||||
|
||||
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
||||
$session->expects($this->once())->method('migrate')->with($this->equalTo(false));
|
||||
|
||||
$strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
|
||||
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
|
||||
}
|
||||
|
||||
public function testSessionIsInvalidated()
|
||||
{
|
||||
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
|
||||
|
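Review bot: Which of `testSessionIsMigrated` and `testSessionIsMigratedWithPhp54Workaround` runs depends on the interpreter executing the suite, so on any one runtime only one of the two `migrate()` expectations is checked and the other test is reported as skipped. Unless the CI matrix includes a PHP 5.4.0 - 5.4.10 build, the `migrate(false)` path is never asserted. The bounds `50400`/`50411` are also repeated in both tests and in the strategy, so the three conditions can drift apart; a comment on each skip such as `// Keep in sync with the version check in SessionAuthenticationStrategy` would help. The body of testSessionIsInvalidated continues outside the hunk.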