NEXT-34113 - Clear cookies on 404 pages

shopware · Mar 5, 2024 · 3477e4a · 3477e4a
1 parent 8767a98
commit 3477e4a
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 257 deletions.
diff --git a/DependencyInjection/services.xml b/DependencyInjection/services.xml
@@ -182,6 +182,7 @@
             <argument type="service" id="Shopware\Core\Framework\DataAbstractionLayer\Cache\EntityCacheKeyGenerator"/>
             <argument type="service" id="Shopware\Core\Framework\Adapter\Cache\CacheInvalidator"/>
             <argument type="service" id="event_dispatcher"/>
+            <argument>%session.storage.options%</argument>
 
             <tag name="kernel.event_subscriber"/>
             <tag name="kernel.reset" method="reset"/>

diff --git a/Framework/Routing/NotFound/NotFoundSubscriber.php b/Framework/Routing/NotFound/NotFoundSubscriber.php
@@ -42,10 +42,13 @@ class NotFoundSubscriber implements EventSubscriberInterface, ResetInterface
      */
     private bool $handled = false;
 
+    private string $sessionName;
+
     /**
      * @internal
      *
      * @param AbstractCacheTracer<Response> $cacheTracer
+     * @param array{name?: string} $sessionOptions
      */
     public function __construct(
         private readonly HttpKernelInterface $httpKernel,
@@ -55,8 +58,10 @@ public function __construct(
         private readonly AbstractCacheTracer $cacheTracer,
         private readonly EntityCacheKeyGenerator $generator,
         private readonly CacheInvalidator $cacheInvalidator,
-        private readonly EventDispatcherInterface $eventDispatcher
+        private readonly EventDispatcherInterface $eventDispatcher,
+        array $sessionOptions = []
     ) {
+        $this->sessionName = $sessionOptions['name'] ?? 'session-';
     }
 
     public static function getSubscribedEvents(): array
@@ -123,6 +128,13 @@ public function onError(ExceptionEvent $event): void
                 $response->setContext(null);
             }
 
+            // Remove session cookie from 404 pages, injected by the Symfony session listener
+            foreach ($response->headers->getCookies() as $cookie) {
+                if ($cookie->getName() === $this->sessionName) {
+                    $response->headers->removeCookie($cookie->getName(), $cookie->getPath(), $cookie->getDomain());
+                }
+            }
+
             return $response;
         });
 

diff --git a/Test/Framework/Routing/NotFound/NotFoundPageCacheKeyEventTest.php b/Test/Framework/Routing/NotFound/NotFoundPageCacheKeyEventTest.php
diff --git a/Test/Framework/Routing/NotFound/NotFoundPageTagsEventTest.php b/Test/Framework/Routing/NotFound/NotFoundPageTagsEventTest.php
diff --git a/Test/Framework/Routing/NotFound/NotFoundSubscriberTest.php b/Test/Framework/Routing/NotFound/NotFoundSubscriberTest.php