[HttpKernel] Configure session.cookie_secure
earlier
This commit is contained in:
parent
9765b5ab86
commit
e82918cd60
@ -389,6 +389,9 @@ class NativeSessionStorage implements SessionStorageInterface
|
|||||||
$this->emulateSameSite = $value;
|
$this->emulateSameSite = $value;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if ('cookie_secure' === $key && 'auto' === $value) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
ini_set('url_rewriter.tags' !== $key ? 'session.'.$key : $key, $value);
|
ini_set('url_rewriter.tags' !== $key ? 'session.'.$key : $key, $value);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -14,6 +14,7 @@ namespace Symfony\Component\HttpKernel\EventListener;
|
|||||||
use Psr\Container\ContainerInterface;
|
use Psr\Container\ContainerInterface;
|
||||||
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
use Symfony\Component\HttpFoundation\Session\SessionInterface;
|
||||||
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
|
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
|
||||||
|
use Symfony\Component\HttpKernel\Event\GetResponseEvent;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the session in the request.
|
* Sets the session in the request.
|
||||||
@ -33,10 +34,12 @@ class SessionListener extends AbstractSessionListener
|
|||||||
$this->container = $container;
|
$this->container = $container;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function getSession(): ?SessionInterface
|
public function onKernelRequest(GetResponseEvent $event)
|
||||||
{
|
{
|
||||||
if (!$this->container->has('session')) {
|
parent::onKernelRequest($event);
|
||||||
return null;
|
|
||||||
|
if (!$event->isMasterRequest() || !$this->container->has('session')) {
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->container->has('session_storage')
|
if ($this->container->has('session_storage')
|
||||||
@ -46,6 +49,13 @@ class SessionListener extends AbstractSessionListener
|
|||||||
) {
|
) {
|
||||||
$storage->setOptions(['cookie_secure' => true]);
|
$storage->setOptions(['cookie_secure' => true]);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getSession(): ?SessionInterface
|
||||||
|
{
|
||||||
|
if (!$this->container->has('session')) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
return $this->container->get('session');
|
return $this->container->get('session');
|
||||||
}
|
}
|
||||||
|
@ -59,7 +59,7 @@ class SessionListenerTest extends TestCase
|
|||||||
$listener = new SessionListener($container);
|
$listener = new SessionListener($container);
|
||||||
|
|
||||||
$event = $this->createMock(RequestEvent::class);
|
$event = $this->createMock(RequestEvent::class);
|
||||||
$event->expects($this->once())->method('isMasterRequest')->willReturn(true);
|
$event->expects($this->exactly(2))->method('isMasterRequest')->willReturn(true);
|
||||||
$event->expects($this->once())->method('getRequest')->willReturn($request);
|
$event->expects($this->once())->method('getRequest')->willReturn($request);
|
||||||
|
|
||||||
$listener->onKernelRequest($event);
|
$listener->onKernelRequest($event);
|
||||||
@ -203,12 +203,16 @@ class SessionListenerTest extends TestCase
|
|||||||
$listener = new SessionListener($container);
|
$listener = new SessionListener($container);
|
||||||
$listener->onKernelRequest($event);
|
$listener->onKernelRequest($event);
|
||||||
|
|
||||||
|
// storage->setOptions() should have been called already
|
||||||
|
$container->set('session_storage', null);
|
||||||
|
$sessionStorage = null;
|
||||||
|
|
||||||
$subRequest = $masterRequest->duplicate();
|
$subRequest = $masterRequest->duplicate();
|
||||||
// at this point both master and subrequest have a closure to build the session
|
// at this point both master and subrequest have a closure to build the session
|
||||||
|
|
||||||
$masterRequest->getSession();
|
$masterRequest->getSession();
|
||||||
|
|
||||||
// calling the factory on the subRequest should not trigger a second call to storage->sesOptions()
|
// calling the factory on the subRequest should not trigger a second call to storage->setOptions()
|
||||||
$subRequest->getSession();
|
$subRequest->getSession();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Reference in New Issue
Block a user