Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restarting session after ID regeneration looses session #129

Closed
KacerCZ opened this issue Sep 1, 2017 · 2 comments
Closed

Restarting session after ID regeneration looses session #129

KacerCZ opened this issue Sep 1, 2017 · 2 comments

Comments

@KacerCZ
Copy link

@KacerCZ KacerCZ commented Sep 1, 2017

  • bug report? yes
  • feature request? no
  • version: 2.4.6

Description

I found problem with restarting session after session ID was regenerated.
This is because \Nette\Http\Session::start() takes session ID always from request cookie. Invocation of \Nette\Http\Session::regenerateId() changes session ID. Closing session and starting session again changes session ID to value which is stored in cookie, but this session ID is already deleted.

Steps To Reproduce

$session = new Session();
$session->start(); // Session ID is taken from cookie.
$session->regenerateId(); // Session ID is changed.
$session->close(); // Session with old ID is deleted, session with new ID is written.
$session->start(); // Session ID is taken from cookie - PROBLEM 
// it is old session ID, not the regenerated one and all session data are lost
@dg

This comment has been minimized.

Copy link
Member

@dg dg commented Sep 1, 2017

For information ID is taken from cookie since nette/nette#965.

Can you send PR?

@KacerCZ

This comment has been minimized.

Copy link
Author

@KacerCZ KacerCZ commented Sep 1, 2017

What is correct fix for this issue? Always get session ID using session_id() in methods start() and exists()?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.