Merge branch '2.6' into 2.7

* 2.6:
  bumped Symfony version to 2.6.4
  updated VERSION for 2.6.3
  updated CHANGELOG for 2.6.3
  bumped Symfony version to 2.6.3
  updated VERSION for 2.6.2
  updated CHANGELOG for 2.6.2
  bumped Symfony version to 2.5.10
  updated VERSION for 2.5.9
  updated CHANGELOG for 2.5.9
  [FrameworkBundle] Use security.token_storage service in Controller::getUser()
  bumped Symfony version to 2.3.25
  updated VERSION for 2.3.24
  update CONTRIBUTORS for 2.3.24
  Removed unneeded version requirements
  updated CHANGELOG for 2.3.24
  fixed tests
  [Security] Don't destroy the session on buggy php releases.
  [Process] Fix input reset in WindowsPipes
  add back model_timezone and view_timezone options

Conflicts:
	src/Symfony/Component/HttpKernel/Kernel.php

2 files changed, 21 insertions, 1 deletions

diff --git a/Http/Session/SessionAuthenticationStrategy.php b/Http/Session/SessionAuthenticationStrategy.php
index dd258a0..ccfa6ba 100644
--- a/Http/Session/SessionAuthenticationStrategy.php
+++ b/Http/Session/SessionAuthenticationStrategy.php
@@ -47,7 +47,10 @@ class SessionAuthenticationStrategy implements SessionAuthenticationStrategyInte
                 return;
 
             case self::MIGRATE:
-                $request->getSession()->migrate(true);
+                // Destroying the old session is broken in php 5.4.0 - 5.4.10
+                // See php bug #63379
+                $destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
+                $request->getSession()->migrate($destroy);
 
                 return;
 
diff --git a/Http/Tests/Session/SessionAuthenticationStrategyTest.php b/Http/Tests/Session/SessionAuthenticationStrategyTest.php
index a1f960f..4aef4b2 100644
--- a/Http/Tests/Session/SessionAuthenticationStrategyTest.php
+++ b/Http/Tests/Session/SessionAuthenticationStrategyTest.php
@@ -39,6 +39,10 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
 
     public function testSessionIsMigrated()
     {
+        if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) {
+            $this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.');
+        }
+
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
         $session->expects($this->once())->method('migrate')->with($this->equalTo(true));
 
@@ -46,6 +50,19 @@ class SessionAuthenticationStrategyTest extends \PHPUnit_Framework_TestCase
         $strategy->onAuthentication($this->getRequest($session), $this->getToken());
     }
 
+    public function testSessionIsMigratedWithPhp54Workaround()
+    {
+        if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) {
+            $this->markTestSkipped('This PHP version is not affected.');
+        }
+
+        $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
+        $session->expects($this->once())->method('migrate')->with($this->equalTo(false));
+
+        $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
+        $strategy->onAuthentication($this->getRequest($session), $this->getToken());
+    }
+
     public function testSessionIsInvalidated()
     {
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');