Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixing issue where empty session id's would cause duplicate key error…

…s. Empty session id sessions are no longer saved. Fixes #1450
  • Loading branch information...
commit cfce0e45d3f51471571241a32241f5da08d4c583 1 parent b0d4951
Mark Story markstory authored
3  cake/libs/cake_session.php
View
@@ -751,6 +751,9 @@ function __read($id) {
* @access private
*/
function __write($id, $data) {
+ if (!$id) {
+ return false;
+ }
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session');
$return = $model->save(array($model->primaryKey => $id) + compact('data', 'expires'));
31 cake/tests/cases/libs/cake_session.test.php
View
@@ -474,4 +474,35 @@ function testReadAndWriteWithDatabaseStorage() {
$this->setUp();
}
+/**
+ * testReadAndWriteWithDatabaseStorage method
+ *
+ * @access public
+ * @return void
+ */
+ function testDatabaseStorageEmptySessionId() {
+ unset($_SESSION);
+ session_destroy();
+ Configure::write('Session.table', 'sessions');
+ Configure::write('Session.model', 'Session');
+ Configure::write('Session.database', 'test_suite');
+ Configure::write('Session.save', 'database');
+ $this->setUp();
+ $id = $this->Session->id();
+
+ $this->Session->id = '';
+ session_id('');
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
+
+ session_write_close();
+
+ unset($_SESSION);
+ ini_set('session.save_handler', 'files');
+ Configure::write('Session.save', 'php');
+ session_id($id);
+ $this->setUp();
+ }
+
}
Please sign in to comment.
Something went wrong with that request. Please try again.