Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixing issue where empty session id's would cause duplicate key error…

…s. Empty session id sessions are no longer saved. Fixes #1450
  • Loading branch information...
commit cfce0e45d3f51471571241a32241f5da08d4c583 1 parent b0d4951
@markstory markstory authored
View
3  cake/libs/cake_session.php
@@ -751,6 +751,9 @@ function __read($id) {
* @access private
*/
function __write($id, $data) {
+ if (!$id) {
+ return false;
+ }
$expires = time() + Configure::read('Session.timeout') * Security::inactiveMins();
$model =& ClassRegistry::getObject('Session');
$return = $model->save(array($model->primaryKey => $id) + compact('data', 'expires'));
View
31 cake/tests/cases/libs/cake_session.test.php
@@ -474,4 +474,35 @@ function testReadAndWriteWithDatabaseStorage() {
$this->setUp();
}
+/**
+ * testReadAndWriteWithDatabaseStorage method
+ *
+ * @access public
+ * @return void
+ */
+ function testDatabaseStorageEmptySessionId() {
+ unset($_SESSION);
+ session_destroy();
+ Configure::write('Session.table', 'sessions');
+ Configure::write('Session.model', 'Session');
+ Configure::write('Session.database', 'test_suite');
+ Configure::write('Session.save', 'database');
+ $this->setUp();
+ $id = $this->Session->id();
+
+ $this->Session->id = '';
+ session_id('');
+
+ $this->Session->write('SessionTestCase', 'This is a Test');
+ $this->assertEqual($this->Session->read('SessionTestCase'), 'This is a Test');
+
+ session_write_close();
+
+ unset($_SESSION);
+ ini_set('session.save_handler', 'files');
+ Configure::write('Session.save', 'php');
+ session_id($id);
+ $this->setUp();
+ }
+
}
Please sign in to comment.
Something went wrong with that request. Please try again.