Avoid session invalidation when changing session lifetime. #546
I am a bit sceptical about removing the constant, and that it could invalidate all sessions when this change gets deployed on a running system.
But besides the migration path I am OK with it.
The validation code uses
370a6e7 to 17b744d
if (strpos($currentCookieDomain, $host) > 0) { | ||
$cookie->delete($this->getSessionName(), null, $host); | ||
} | ||
$secureCookieName = session_name() . '_cid'; |
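Review bot: The `strpos($currentCookieDomain, $host) > 0` test on the first line treats a match at offset 0 the same as no match (`strpos` returns `0` there and `false` when the substring is absent), so the delete is skipped whenever the cookie domain equals or begins with the host. If the intent is "host occurs anywhere in the cookie domain", compare with `!== false`; if skipping the offset-0 case is deliberate, a short comment saying so would make that clear. Separately, the delete call uses `$this->getSessionName()` while the last line builds the secure cookie name from the global `session_name()`; using one source for both would keep the `_cid` cookie name from diverging from the session cookie name.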
$sessionName is passed anyway, why switching to method?
Because $sessionName can be null. I suppose it could be $this->getSessionName()
but it would be functionally equivalent.
please leave the constant to avoid breaking change
I added the constant back in.
I merged the latest and cleaned up the logic around the secure cookie check to make it easier to read and understand without changing the functionality. These changes are good improvements IMO and no BC breakage. Please review! Thanks!
@colinmollenhour could you address the conflicts here? I was checking them but I don't trust my knowledge of this specific subject.
Looks good to me.
I resolved the conflicts.
phpstan doesn't let anything slip :-D
…penMage#546)" This reverts commit 447e27e.
This PR fixes a few session related issues:
Varien_Date::toTimestamp
session_before_renew_cookie event to allow session lifetime to be more dynamic (e.g. I use this event to make sessions for customers with items in their cart much longer than those without).