Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Adding fix when a invalid session is destroyed in CakeSession::_check…

…Valid(); and session data wrote after the session is destroyed no longer being available because the session data was wrote using the old session id

git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@7976 3807eeeb-6ff5-0310-8944-8be069107fe0
  • Loading branch information...
commit a6250ad6484468567e0b1d4351a2f6b5e9c4e07d 1 parent 7b12272
@phpnut phpnut authored
Showing with 9 additions and 19 deletions.
  1. +9 −19 cake/libs/session.php
View
28 cake/libs/session.php
@@ -398,21 +398,11 @@ function write($name, $value) {
* @access public
*/
function destroy() {
- $sessionpath = session_save_path();
- if (empty($sessionpath)) {
- $sessionpath = "/tmp";
- }
-
- if (isset($_COOKIE[session_name()])) {
- setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
- }
-
$_SESSION = array();
- $file = $sessionpath . DS . "sess_" . session_id();
- @session_destroy();
- @unlink ($file);
$this->__construct($this->path);
+ $this->start();
$this->renew();
+ $this->_checkValid();
}
/**
* Helper method to initialize a session, based on Cake core settings.
@@ -447,7 +437,7 @@ function __initSession() {
switch (Configure::read('Session.save')) {
case 'cake':
- if (!isset($_SESSION)) {
+ if (empty($_SESSION)) {
if ($iniSet) {
ini_set('session.use_trans_sid', 0);
ini_set('url_rewriter.tags', '');
@@ -462,7 +452,7 @@ function __initSession() {
}
break;
case 'database':
- if (!isset($_SESSION)) {
+ if (empty($_SESSION)) {
if (Configure::read('Session.table') === null) {
trigger_error(__("You must set the all Configure::write('Session.*') in core.php to use database storage"), E_USER_WARNING);
exit();
@@ -489,7 +479,7 @@ function __initSession() {
array('CakeSession', '__gc'));
break;
case 'php':
- if (!isset($_SESSION)) {
+ if (empty($_SESSION)) {
if ($iniSet) {
ini_set('session.use_trans_sid', 0);
ini_set('session.name', Configure::read('Session.cookie'));
@@ -499,7 +489,7 @@ function __initSession() {
}
break;
case 'cache':
- if (!isset($_SESSION)) {
+ if (empty($_SESSION)) {
if (!class_exists('Cache')) {
uses('Cache');
}
@@ -521,7 +511,7 @@ function __initSession() {
array('CakeSession', '__gc'));
break;
default:
- if (!isset($_SESSION)) {
+ if (empty($_SESSION)) {
$config = CONFIGS . Configure::read('Session.save') . '.php';
if (is_file($config)) {
@@ -538,7 +528,7 @@ function __initSession() {
*/
function __startSession() {
if (headers_sent()) {
- if (!isset($_SESSION)) {
+ if (empty($_SESSION)) {
$_SESSION = array();
}
return false;
@@ -603,7 +593,7 @@ function __regenerateId() {
if (empty($sessionpath)) {
$sessionpath = "/tmp";
}
- if (isset($_COOKIE[session_name()])) {
+ if (session_id() != "" || isset($_COOKIE[session_name()])) {
setcookie(Configure::read('Session.cookie'), '', time() - 42000, $this->path);
}
session_regenerate_id(true);

0 comments on commit a6250ad

Please sign in to comment.
Something went wrong with that request. Please try again.