Skip to content
Permalink
Browse files

Session: do not regenerate session ID when is newly created

  • Loading branch information...
dg committed Mar 11, 2019
1 parent fb79e66 commit 7ff93fc3c0b797eb16789f0cb15d646b7f3a9811
Showing with 4 additions and 2 deletions.
  1. +3 −1 src/Http/Session.php
  2. +1 −1 tests/Http/Session.regenerateId().phpt
@@ -123,7 +123,9 @@ private function initialize(): void
// regenerate empty session
if (empty($nf['Time'])) {
$nf['Time'] = time();
$this->regenerateId(); // ensures that the session was created in strict mode (see use_strict_mode)
if ($this->request->getCookie(session_name())) { // ensures that the session was created in strict mode (see use_strict_mode)
$this->regenerateId();
}
}
// process meta metadata
@@ -25,7 +25,7 @@ $ref = 10;
$session->regenerateId();
$newId = $session->getId();
Assert::same($newId, $oldId); // new session is regenerated by $session->start()
Assert::notSame($newId, $oldId);
Assert::true(is_file($path . $newId));
$ref = 20;

0 comments on commit 7ff93fc

Please sign in to comment.
You can’t perform that action at this time.