authorFabien Potencier <fabien.potencier@gmail.com>2014-12-20 13:20:33 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2014-12-20 13:20:33 +0100
commit3b1993579d11af545a1effd2cb3367665dd5a5fd (patch)
tree98e77579fe74266751b1b4ff3f35d448d26a2043
parent49553dc4afef5b4bfd4e6eb38d44f8fec5f428db (diff)
parentb2e6411a6e1d1556b597c94e045719d418cc8cca (diff)
bug #13048 [Security] Delete old session on auth strategy migrate (xelaris)
This PR was merged into the 2.3 branch. Discussion ---------- [Security] Delete old session on auth strategy migrate | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #13026 | License | MIT | Doc PR | As identified by @austinh in #13026 there are two sessions after authentication, since the previous session is migrated to a new one by ``session_regenerate_id``. This PR ensures the old session is deleted immediately on migration. I can't see any drawbacks, but if the change would break BC, another approach would be to add a new strategy like ``switch`` to enable instant deletion of the old session. Commits ------- 5dd11e6 [Security] Delete old session on auth strategy migrate
-rw-r--r--Http/Session/SessionAuthenticationStrategy.php2
-rw-r--r--Tests/Http/Session/SessionAuthenticationStrategyTest.php2
2 files changed, 2 insertions, 2 deletions
diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php
index 0e688c7..dd258a0 100644
--- a/Http/Session/SessionAuthenticationStrategy.php
+++ b/Http/Session/SessionAuthenticationStrategy.php
@@ -47,7 +47,7 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
return;
case self::MIGRATE:
- $request->getSession()->migrate();
+ $request->getSession()->migrate(true);
return;
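Review bot: The bare `true` passed to `migrate()` in the `self::MIGRATE` case carries the whole security intent of this change, but nothing at the call site says why. A short comment would stop a later cleanup from dropping the argument, for example `// destroy the old session so the pre-authentication session id cannot be reused after login`. It may also be worth documenting that a request still in flight with the old id will presumably find no session once it is destroyed; whether that matters depends on the storage handler, which is not visible here. The surrounding `switch` starts and ends outside this hunk.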
diff --git a/Tests/Http/Session/SessionAuthenticationStrategyTest.php b/Tests/Http/Session/SessionAuthenticationStrategyTest.php
index 43c52b5..431a002 100644
--- a/Tests/Http/Session/SessionAuthenticationStrategyTest.php
+++ b/Tests/Http/Session/SessionAuthenticationStrategyTest.php
@@ -47,7 +47,7 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
public function testSessionIsMigrated()
{
$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
- $session->expects($this->once())->method('migrate');
+ $session->expects($this->once())->method('migrate')->with($this->equalTo(true));
$strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
$strategy->onAuthentication($this->getRequest($session), $this->getToken());
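Review bot: The expectation `->with($this->equalTo(true))` in `testSessionIsMigrated` compares loosely, so as far as I can tell it would also accept a truthy non-boolean such as `1`. Since the test exists to pin that the old session is destroyed, a strict match is the safer guard: `$session->expects($this->once())->method('migrate')->with($this->identicalTo(true));`. The test only checks the argument handed to a mocked `SessionInterface`, so it does not show that the old session data is actually removed by a real storage backend. The method body closes outside this hunk.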