diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2014-12-20 13:20:33 +0100 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2014-12-20 13:20:33 +0100 |
| commit | 3b1993579d11af545a1effd2cb3367665dd5a5fd (patch) | |
| tree | 98e77579fe74266751b1b4ff3f35d448d26a2043 /Tests/Core/Util/SecureRandomTest.php | |
| parent | 49553dc4afef5b4bfd4e6eb38d44f8fec5f428db (diff) | |
| parent | b2e6411a6e1d1556b597c94e045719d418cc8cca (diff) | |
| download | symfony-security-3b1993579d11af545a1effd2cb3367665dd5a5fd.zip symfony-security-3b1993579d11af545a1effd2cb3367665dd5a5fd.tar.gz symfony-security-3b1993579d11af545a1effd2cb3367665dd5a5fd.tar.bz2 | |
bug #13048 [Security] Delete old session on auth strategy migrate (xelaris)
This PR was merged into the 2.3 branch.
Discussion
----------
[Security] Delete old session on auth strategy migrate
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #13026
| License | MIT
| Doc PR |
As identified by @austinh in #13026 there are two sessions after authentication, since the previous session is migrated to a new one by ``session_regenerate_id``. This PR ensures the old session is been deleted immediately on migration.
I can't see any drawbacks, but if the change would break BC, another approach would be to add a new strategy like ``switch`` to enable instant deletion of the old session.
Commits
-------
5dd11e6 [Security] Delete old session on auth strategy migrate
Diffstat (limited to 'Tests/Core/Util/SecureRandomTest.php')
0 files changed, 0 insertions, 0 deletions