Session: session id cookie is checked only if it was not regenerated [C…

…loses #133][Closes #129]
nette · Mar 14, 2018 · ceb57b2 · ceb57b2
1 parent 721231b
commit ceb57b2
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 5 deletions.
diff --git a/src/Http/Session.php b/src/Http/Session.php
@@ -75,11 +75,13 @@ public function start()
 
 		$this->configure($this->options);
 
-		$id = $this->request->getCookie(session_name());
-		if (is_string($id) && preg_match('#^[0-9a-zA-Z,-]{22,256}\z#i', $id)) {
-			session_id($id);
-		} else {
-			unset($_COOKIE[session_name()]);
+		if (!session_id()) {
+			$id = $this->request->getCookie(session_name());
+			if (is_string($id) && preg_match('#^[0-9a-zA-Z,-]{22,256}\z#i', $id)) {
+				session_id($id);
+			} else {
+				unset($_COOKIE[session_name()]);
+			}
 		}
 
 		try {

diff --git a/tests/Http/Session.restart-after-regenerate.phpt b/tests/Http/Session.restart-after-regenerate.phpt
@@ -0,0 +1,33 @@
+<?php
+
+/**
+ * Test: Nette\Http\Session is preserved after regenerateId and restarting
+ */
+
+use Nette\Http;
+use Tester\Assert;
+
+
+require __DIR__ . '/../bootstrap.php';
+
+$cookies = [session_name() => $sessionId = md5('3')];
+file_put_contents(TEMP_DIR . '/sess_' . $sessionId, sprintf('__NF|a:2:{s:4:"Time";i:%s;s:4:"DATA";a:1:{s:4:"temp";a:1:{s:5:"value";s:3:"yes";}}}', time() - 1000));
+
+$session = new Http\Session(new Http\Request(new Http\UrlScript, null, [], [], $cookies), new Http\Response);
+
+$session->start();
+Assert::same($sessionId, $session->getId());
+Assert::same('yes', $session->getSection('temp')->value);
+
+$session->regenerateId();
+Assert::notSame($sessionId, $session->getId());
+$newSessionId = $session->getId();
+Assert::same(session_id(), $newSessionId);
+$session->close();
+
+$session->start();
+Assert::same('yes', $session->getSection('temp')->value);
+Assert::same($newSessionId, $session->getId());
+
+Assert::true(file_exists(TEMP_DIR . '/sess_' . $newSessionId));
+Assert::count(1, glob(TEMP_DIR . '/sess_*'));