Merge pull request #431 from Lusitanian/better-session-detection

Better session detection
daviddesberg · Oct 7, 2015 · a32d3da · a32d3da
2 parents a48f63c + 05238f3
commit a32d3da
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/src/OAuth/Common/Storage/Session.php b/src/OAuth/Common/Storage/Session.php
@@ -36,7 +36,7 @@ public function __construct(
         $sessionVariableName = 'lusitanian-oauth-token',
         $stateVariableName = 'lusitanian-oauth-state'
     ) {
-        if ($startSession && !isset($_SESSION)) {
+        if ($startSession && !$this->sessionHasStarted()) {
             session_start();
         }
 
@@ -185,4 +185,20 @@ public function __destruct()
             session_write_close();
         }
     }
+
+    /**
+     * Determine if the session has started.
+     * @url http://stackoverflow.com/a/18542272/1470961
+     * @return bool
+     */
+    protected function sessionHasStarted()
+    {
+        // For more modern PHP versions we use a more reliable method.
+        if (version_compare(PHP_VERSION, '5.4.0') >= 0) {
+            return session_status() != PHP_SESSION_NONE;
+        }
+
+        // Below PHP 5.4 we should test for the current session ID.
+        return session_id() !== '';
+    }
 }