Fix issue with session cache

Fixes #1932.

src/Session/Session.php

@@ -469,6 +469,9 @@ public function regenerateToken()
         } else {
             $this->needsRetransmission = true;
         }
+
+        // update cache of the Sessions instance with the new token
+        $this->sessions->updateCache($this);
     }
 
     /**

src/Session/Sessions.php

@@ -242,6 +242,18 @@ public function collectGarbage()
         $this->store()->collectGarbage();
     }
 
+    /**
+     * Updates the instance cache with a newly created
+     * session or a session with a regenerated token
+     *
+     * @internal
+     * @param Kirby\Session\Session $session Session instance to push to the cache
+     */
+    public function updateCache(Session $session)
+    {
+        $this->cache[$session->token()] = $session;
+    }
+
     /**
      * Returns the auth token from the cookie
      *

tests/Session/SessionTest.php

@@ -676,6 +676,10 @@ public function testRenewNotRenewable()
      */
     public function testRegenerateToken()
     {
+        $sessionsReflector = new ReflectionClass(Sessions::class);
+        $cache = $sessionsReflector->getProperty('cache');
+        $cache->setAccessible(true);
+
         $token = '9999999999.valid.' . $this->store->validKey;
         $session = new Session($this->sessions, $token, []);
 
@@ -702,6 +706,10 @@ public function testRegenerateToken()
 
         // validate that a cookie has been set
         $this->assertEquals($newToken, Cookie::get('kirby_session'));
+
+        // validate that the new session is cached in the $sessions object
+        $this->assertArrayHasKey($newToken, $cache->getValue($this->sessions));
+        $this->assertEquals($session, $cache->getValue($this->sessions)[$newToken]);
     }
 
     /**
@@ -710,14 +718,23 @@ public function testRegenerateToken()
      */
     public function testRegenerateTokenHeaderMode()
     {
+        $sessionsReflector = new ReflectionClass(Sessions::class);
+        $cache = $sessionsReflector->getProperty('cache');
+        $cache->setAccessible(true);
+
         $token = '9999999999.valid.' . $this->store->validKey;
         $session = new Session($this->sessions, $token, ['mode' => 'header']);
 
         Cookie::remove('kirby_session');
         $this->assertFalse($session->needsRetransmission());
         $session->regenerateToken();
+        $this->assertNotEquals($token, $newToken = $session->token());
         $this->assertTrue($session->needsRetransmission());
         $this->assertNull(Cookie::get('kirby_session'));
+
+        // validate that the new session is cached in the $sessions object
+        $this->assertArrayHasKey($newToken, $cache->getValue($this->sessions));
+        $this->assertEquals($session, $cache->getValue($this->sessions)[$newToken]);
     }
 
     /**

tests/Session/SessionsTest.php

@@ -275,6 +275,29 @@ public function testCollectGarbage()
         $this->assertTrue($this->store->collectedGarbage);
     }
 
+    /**
+     * @covers ::updateCache
+     */
+    public function testUpdateCache()
+    {
+        $sessionsReflector = new ReflectionClass(Sessions::class);
+        $cache = $sessionsReflector->getProperty('cache');
+        $cache->setAccessible(true);
+
+        $sessionReflector = new ReflectionClass(Session::class);
+        $tokenKey = $sessionReflector->getProperty('tokenKey');
+        $tokenKey->setAccessible(true);
+
+        $sessions = new Sessions($this->store, ['mode' => 'header']);
+        $session = $sessions->get('9999999999.valid.' . $this->store->validKey);
+        $tokenKey->setValue($session, 'new-key');
+
+        $this->assertArrayNotHasKey('9999999999.valid.new-key', $cache->getValue($sessions));
+        $sessions->updateCache($session);
+        $this->assertArrayHasKey('9999999999.valid.new-key', $cache->getValue($sessions));
+        $this->assertEquals($session, $cache->getValue($sessions)['9999999999.valid.new-key']);
+    }
+
     /**
      * @covers ::tokenFromCookie
      */