diff options
| author | Alexander M. Turek <me@derrabus.de> | 2015-01-06 15:21:18 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2015-01-07 09:13:06 +0100 |
| commit | 21689b9e96aa820bcb2a2979d04685675497f736 (patch) | |
| tree | 518797ac1a4b0f993572a2cd7713a7bd44e6ac9c | |
| parent | c89020dda8f90ae69bf0e76af7720f51be83a760 (diff) | |
| download | symfony-security-21689b9e96aa820bcb2a2979d04685675497f736.zip symfony-security-21689b9e96aa820bcb2a2979d04685675497f736.tar.gz symfony-security-21689b9e96aa820bcb2a2979d04685675497f736.tar.bz2 | |
[Security] Don't destroy the session on buggy php releases.v2.3.24
| -rw-r--r-- | Http/Session/SessionAuthenticationStrategy.php | 5 | ||||
| -rw-r--r-- | Tests/Http/Session/SessionAuthenticationStrategyTest.php | 17 |
2 files changed, 21 insertions, 1 deletions
diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php index dd258a0..ccfa6ba 100644 --- a/Http/Session/SessionAuthenticationStrategy.php +++ b/Http/Session/SessionAuthenticationStrategy.php @@ -47,7 +47,10 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte return; case self::MIGRATE: - $request->getSession()->migrate(true); + // Destroying the old session is broken in php 5.4.0 - 5.4.10 + // See php bug #63379 + $destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411; + $request->getSession()->migrate($destroy); return; diff --git a/Tests/Http/Session/SessionAuthenticationStrategyTest.php b/Tests/Http/Session/SessionAuthenticationStrategyTest.php index d5055eb..7296afd 100644 --- a/Tests/Http/Session/SessionAuthenticationStrategyTest.php +++ b/Tests/Http/Session/SessionAuthenticationStrategyTest.php @@ -39,6 +39,10 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase public function testSessionIsMigrated() { + if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) { + $this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.'); + } + $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); $session->expects($this->once())->method('migrate')->with($this->equalTo(true)); @@ -46,6 +50,19 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase $strategy->onAuthentication($this->getRequest($session), $this->getToken()); } + public function testSessionIsMigratedWithPhp54Workaround() + { + if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) { + $this->markTestSkipped('This PHP version is not affected.'); + } + + $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); + $session->expects($this->once())->method('migrate')->with($this->equalTo(false)); + + $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE); + $strategy->onAuthentication($this->getRequest($session), $this->getToken()); + } + public function testSessionIsInvalidated() { $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface'); |