[Session] remove invalid workaround in session regenerate
The original issue #7380 was just caused because the developer missed to save the session before doing the redirect. That's all. This reverts #8270 and following.
This commit is contained in:
parent
20e7cf12ba
commit
703d906758
@ -206,23 +206,7 @@ class NativeSessionStorage implements SessionStorageInterface
|
|||||||
$this->metadataBag->stampNew();
|
$this->metadataBag->stampNew();
|
||||||
}
|
}
|
||||||
|
|
||||||
$ret = session_regenerate_id($destroy);
|
return session_regenerate_id($destroy);
|
||||||
|
|
||||||
// workaround for https://bugs.php.net/bug.php?id=61470 as suggested by David Grudl
|
|
||||||
if ('files' === $this->getSaveHandler()->getSaveHandlerName()) {
|
|
||||||
session_write_close();
|
|
||||||
if (isset($_SESSION)) {
|
|
||||||
$backup = $_SESSION;
|
|
||||||
session_start();
|
|
||||||
$_SESSION = $backup;
|
|
||||||
} else {
|
|
||||||
session_start();
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->loadSession();
|
|
||||||
}
|
|
||||||
|
|
||||||
return $ret;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -88,6 +88,14 @@ interface SessionStorageInterface
|
|||||||
* Note regenerate+destroy should not clear the session data in memory
|
* Note regenerate+destroy should not clear the session data in memory
|
||||||
* only delete the session data from persistent storage.
|
* only delete the session data from persistent storage.
|
||||||
*
|
*
|
||||||
|
* Care: When regenerating the session ID no locking is involved in PHPs
|
||||||
|
* session design. See https://bugs.php.net/bug.php?id=61470 for a discussion.
|
||||||
|
* So you must make sure the regenerated session is saved BEFORE sending the
|
||||||
|
* headers with the new ID. Symfonys HttpKernel offers a listener for this.
|
||||||
|
* See Symfony\Component\HttpKernel\EventListener\SaveSessionListener.
|
||||||
|
* Otherwise session data could get lost again for concurrent requests with the
|
||||||
|
* new ID. One result could be that you get logged out after just logging in.
|
||||||
|
*
|
||||||
* @param bool $destroy Destroy session when regenerating?
|
* @param bool $destroy Destroy session when regenerating?
|
||||||
* @param int $lifetime Sets the cookie lifetime for the session cookie. A null value
|
* @param int $lifetime Sets the cookie lifetime for the session cookie. A null value
|
||||||
* will leave the system settings unchanged, 0 sets the cookie
|
* will leave the system settings unchanged, 0 sets the cookie
|
||||||
|
Reference in New Issue
Block a user