[HttpFoundation] Clear invalid session cookie
This commit is contained in:
parent
1b98df7c64
commit
b22a7263b9
@ -124,7 +124,15 @@ abstract class AbstractSessionHandler implements \SessionHandlerInterface, \Sess
|
|||||||
throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', \get_class($this)));
|
throw new \LogicException(sprintf('Session name cannot be empty, did you forget to call "parent::open()" in "%s"?.', \get_class($this)));
|
||||||
}
|
}
|
||||||
$cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);
|
$cookie = SessionUtils::popSessionCookie($this->sessionName, $sessionId);
|
||||||
if (null === $cookie) {
|
|
||||||
|
/*
|
||||||
|
* We send an invalidation Set-Cookie header (zero lifetime)
|
||||||
|
* when either the session was started or a cookie with
|
||||||
|
* the session name was sent by the client (in which case
|
||||||
|
* we know it's invalid as a valid session cookie would've
|
||||||
|
* started the session).
|
||||||
|
*/
|
||||||
|
if (null === $cookie || isset($_COOKIE[$this->sessionName])) {
|
||||||
if (\PHP_VERSION_ID < 70300) {
|
if (\PHP_VERSION_ID < 70300) {
|
||||||
setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN));
|
setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN), filter_var(ini_get('session.cookie_httponly'), FILTER_VALIDATE_BOOLEAN));
|
||||||
} else {
|
} else {
|
||||||
|
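Review bot: The deletion cookie sent by the setcookie() call in the pre-7.3 branch (and presumably the else branch, which lies outside the hunk) is scoped to `session.cookie_path`/`session.cookie_domain`, but the new `isset($_COOKIE[$this->sessionName])` test fires for any cookie of that name the client presented, including one set under a different path or a parent domain (a sibling application, or a cookie-tossing attacker); browsers only clear a cookie whose name, domain and path all match, so such a cookie survives the Max-Age=0 header and keeps being sent on every request. That limitation belongs in the new comment block, e.g. `* Note: this only clears a cookie scoped to our own path/domain; a stray cookie with the same name under another scope will keep being sent by the client.` The "zero lifetime" wording is also accurate only because setcookie() with an empty value special-cases to `deleted; expires=...1970...; Max-Age=0` (as the fixture output in this commit shows) instead of honouring the literal `0` expires argument, which would otherwise mean a browser-session cookie; a one-line note such as `// an empty value makes setcookie() emit a Max-Age=0 deletion header regardless of the expires argument` would save the next reader a trip to the PHP docs. The enclosing method starts and ends outside the hunk.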
@ -241,6 +241,7 @@ class NativeSessionStorage implements SessionStorageInterface
|
|||||||
*/
|
*/
|
||||||
public function save()
|
public function save()
|
||||||
{
|
{
|
||||||
|
// Store a copy so we can restore the bags in case the session was not left empty
|
||||||
$session = $_SESSION;
|
$session = $_SESSION;
|
||||||
|
|
||||||
foreach ($this->bags as $bag) {
|
foreach ($this->bags as $bag) {
|
||||||
@ -266,7 +267,11 @@ class NativeSessionStorage implements SessionStorageInterface
|
|||||||
session_write_close();
|
session_write_close();
|
||||||
} finally {
|
} finally {
|
||||||
restore_error_handler();
|
restore_error_handler();
|
||||||
$_SESSION = $session;
|
|
||||||
|
// Restore only if not empty
|
||||||
|
if ($_SESSION) {
|
||||||
|
$_SESSION = $session;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->closed = true;
|
$this->closed = true;
|
||||||
|
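Review bot: The new `// Restore only if not empty` comment above `if ($_SESSION) {` restates the condition rather than the reason; the comment on `$session = $_SESSION;` already says the copy exists to restore the bags, so the guard should say why an emptied session must stay empty, presumably so that a session the handler destroyed or cleared during `session_write_close()` is not repopulated from the pre-close copy (the fixture expectation in this commit changing to `$_SESSION is empty` after destroy points that way, but the hunk itself does not state it). Something like `// If the handler emptied the session (e.g. destroy during close) leave it empty so stale bag data is not resurrected; otherwise put the bag objects back` would carry the intent. As a point of style, `if ([] !== $_SESSION)` makes the empty-array test explicit instead of relying on array truthiness. The `save()` method continues past the end of the hunk.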
@ -11,10 +11,11 @@ $_SESSION is not empty
|
|||||||
write
|
write
|
||||||
destroy
|
destroy
|
||||||
close
|
close
|
||||||
$_SESSION is not empty
|
$_SESSION is empty
|
||||||
Array
|
Array
|
||||||
(
|
(
|
||||||
[0] => Content-Type: text/plain; charset=utf-8
|
[0] => Content-Type: text/plain; charset=utf-8
|
||||||
[1] => Cache-Control: max-age=0, private, must-revalidate
|
[1] => Cache-Control: max-age=0, private, must-revalidate
|
||||||
|
[2] => Set-Cookie: sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
|
||||||
)
|
)
|
||||||
shutdown
|
shutdown
|
||||||
|
@ -20,5 +20,6 @@ Array
|
|||||||
[0] => Content-Type: text/plain; charset=utf-8
|
[0] => Content-Type: text/plain; charset=utf-8
|
||||||
[1] => Cache-Control: max-age=10800, private, must-revalidate
|
[1] => Cache-Control: max-age=10800, private, must-revalidate
|
||||||
[2] => Set-Cookie: abc=def
|
[2] => Set-Cookie: abc=def
|
||||||
|
[3] => Set-Cookie: sid=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; secure; HttpOnly
|
||||||
)
|
)
|
||||||
shutdown
|
shutdown
|
||||||
|