[Security] fixed session creation when none is needed (closes #6917)

symfony · Feb 4, 2013 · 8ca00c5 · 8ca00c5
1 parent 04cb480
commit 8ca00c5
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 30 deletions.
diff --git a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -70,7 +70,6 @@ public function handle(GetResponseEvent $event)
         }
 
         $request = $event->getRequest();
-
         $session = $request->hasPreviousSession() ? $request->getSession() : null;
 
         if (null === $session || null === $token = $session->get('_security_'.$this->contextKey)) {
@@ -117,7 +116,10 @@ public function onKernelResponse(FilterResponseEvent $event)
             $this->logger->debug('Write SecurityContext in the session');
         }
 
-        if (null === $session = $event->getRequest()->getSession()) {
+        $request = $event->getRequest();
+        $session = $request->hasPreviousSession() ? $request->getSession() : null;
+
+        if (null === $session) {
             return;
         }
 

diff --git a/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php b/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
@@ -82,36 +82,12 @@ public function testOnKernelResponseWillRemoveSession()
         $this->assertFalse($session->has('_security_session'));
     }
 
-    protected function runSessionOnKernelResponse($newToken, $original = null)
-    {
-        $session = new Session(new MockArraySessionStorage());
-
-        if ($original !== null) {
-            $session->set('_security_session', $original);
-        }
-
-        $this->securityContext->setToken($newToken);
-
-        $request = new Request();
-        $request->setSession($session);
-
-        $event = new FilterResponseEvent(
-            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
-            $request,
-            HttpKernelInterface::MASTER_REQUEST,
-            new Response()
-        );
-
-        $listener = new ContextListener($this->securityContext, array(), 'session');
-        $listener->onKernelResponse($event);
-
-        return $session;
-    }
-
     public function testOnKernelResponseWithoutSession()
     {
         $this->securityContext->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
         $request = new Request();
+        $session = new Session(new MockArraySessionStorage());
+        $request->setSession($session);
 
         $event = new FilterResponseEvent(
             $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
@@ -123,7 +99,7 @@ public function testOnKernelResponseWithoutSession()
         $listener = new ContextListener($this->securityContext, array(), 'session');
         $listener->onKernelResponse($event);
 
-        $this->assertFalse($request->hasSession());
+        $this->assertFalse($session->isStarted());
     }
 
     /**
@@ -168,4 +144,30 @@ public function provideInvalidToken()
             array(null),
         );
     }
-}
+
+    protected function runSessionOnKernelResponse($newToken, $original = null)
+    {
+        $session = new Session(new MockArraySessionStorage());
+
+        if ($original !== null) {
+            $session->set('_security_session', $original);
+        }
+
+        $this->securityContext->setToken($newToken);
+
+        $request = new Request();
+        $request->setSession($session);
+        $request->cookies->set('MOCKSESSID', true);
+
+        $event = new FilterResponseEvent(
+            $this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+            $request,
+            HttpKernelInterface::MASTER_REQUEST,
+            new Response()
+        );
+
+        $listener = new ContextListener($this->securityContext, array(), 'session');
+        $listener->onKernelResponse($event);
+
+        return $session;
+    }}