Compare the date modified when loading session data.

alexminza · Dec 18, 2017 · 6fd3d9c · 6fd3d9c
1 parent d2404a9
commit 6fd3d9c
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/includes/data-stores/class-wc-customer-data-store-session.php b/includes/data-stores/class-wc-customer-data-store-session.php
@@ -18,6 +18,7 @@ class WC_Customer_Data_Store_Session extends WC_Data_Store_WP implements WC_Cust
 	 */
 	protected $session_keys = array(
 		'id',
+		'date_modified',
 		'billing_postcode',
 		'billing_city',
 		'billing_address_1',
@@ -74,7 +75,7 @@ public function save_to_session( $customer ) {
 			if ( 'billing_' === substr( $session_key, 0, 8 ) ) {
 				$session_key = str_replace( 'billing_', '', $session_key );
 			}
-			$data[ $session_key ] = $customer->{"get_$function_key"}( 'edit' );
+			$data[ $session_key ] = (string) $customer->{"get_$function_key"}( 'edit' );
 		}
 		if ( WC()->session->get( 'customer' ) !== $data ) {
 			WC()->session->set( 'customer', $data );
@@ -90,7 +91,13 @@ public function save_to_session( $customer ) {
 	 */
 	public function read( &$customer ) {
 		$data = (array) WC()->session->get( 'customer' );
-		if ( ! empty( $data ) && isset( $data['id'] ) && $data['id'] === $customer->get_id() ) {
+
+		/**
+		 * There is a valid session if $data is not empty, and the ID matches the logged in user ID.
+		 *
+		 * If the user object has been updated since the session was created (based on date_modified) we should not load the session - data should be reloaded.
+		 */
+		if ( ! empty( $data ) && isset( $data['id'], $data['date_modified'] ) && $data['id'] === (string) $customer->get_id() && $data['date_modified'] === (string) $customer->get_date_modified( 'edit' ) ) {
 			foreach ( $this->session_keys as $session_key ) {
 				$function_key = $session_key;
 				if ( 'billing_' === substr( $session_key, 0, 8 ) ) {