Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restarting session after ID regeneration looses session #129

Closed
KacerCZ opened this issue Sep 1, 2017 · 2 comments
Closed

Restarting session after ID regeneration looses session #129

KacerCZ opened this issue Sep 1, 2017 · 2 comments

Comments

@KacerCZ
Copy link

KacerCZ commented Sep 1, 2017

  • bug report? yes
  • feature request? no
  • version: 2.4.6

Description

I found problem with restarting session after session ID was regenerated.
This is because \Nette\Http\Session::start() takes session ID always from request cookie. Invocation of \Nette\Http\Session::regenerateId() changes session ID. Closing session and starting session again changes session ID to value which is stored in cookie, but this session ID is already deleted.

Steps To Reproduce

$session = new Session();
$session->start(); // Session ID is taken from cookie.
$session->regenerateId(); // Session ID is changed.
$session->close(); // Session with old ID is deleted, session with new ID is written.
$session->start(); // Session ID is taken from cookie - PROBLEM 
// it is old session ID, not the regenerated one and all session data are lost
@dg
Copy link
Member

dg commented Sep 1, 2017

For information ID is taken from cookie since nette/nette#965.

Can you send PR?

@KacerCZ
Copy link
Author

KacerCZ commented Sep 1, 2017

What is correct fix for this issue? Always get session ID using session_id() in methods start() and exists()?

@KacerCZ KacerCZ mentioned this issue Mar 6, 2018
Closed
@dg dg closed this as completed in a1a4023 Mar 14, 2018
dg added a commit that referenced this issue Mar 14, 2018
@dg
Session: session id cookie is checked only if it was not regenerated [C…
ceb57b2 
…loses #133][Closes #129]
dg added a commit that referenced this issue Mar 14, 2018
@dg
Session: session id cookie is checked only if it was not regenerated [C…
5fcfd19 
…loses #133][Closes #129]
dg added a commit that referenced this issue Mar 14, 2018
@dg
Session: session id cookie is checked only if it was not regenerated [C…
9d0cbd1 
…loses #133][Closes #129]
dg added a commit that referenced this issue Mar 14, 2018
@dg
Session: session id cookie is checked only if it was not regenerated [C…
e7df54e 
…loses #133][Closes #129]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dg @KacerCZ