New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

PdoSessionHandler: fix advisory lock for pgsql #24367

Merged
merged 1 commit into from Sep 29, 2017

Conversation

Projects
None yet
3 participants
@Tobion
Member

Tobion commented Sep 28, 2017

when session.sid_bits per_character > 4 the session id can contain non-hex-characters which will be ignored by hexdec. this can potentially result in collisions on the lock key from different sessions, e.g. the session ids aagh and aaij would have the same pgsql lock because hexdec('aagh') === hexdec('aaij')

Q A
Branch? 2.7
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
Fixed tickets #24095
License MIT
Doc PR

@Tobion Tobion changed the title from PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_… to PdoSessionHandler: fix advisory lock for pgsql Sep 28, 2017

@fabpot

This comment has been minimized.

Show comment
Hide comment
@fabpot

fabpot Sep 29, 2017

Member

Thank you @Tobion.

Member

fabpot commented Sep 29, 2017

Thank you @Tobion.

@fabpot fabpot merged commit 0f0a6e8 into symfony:2.7 Sep 29, 2017

3 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
fabbot.io Your code looks good.
Details

fabpot added a commit that referenced this pull request Sep 29, 2017

bug #24367 PdoSessionHandler: fix advisory lock for pgsql (Tobion)
This PR was merged into the 2.7 branch.

Discussion
----------

PdoSessionHandler: fix advisory lock for pgsql

when session.sid_bits per_character > 4 the session id can contain non-hex-characters which will be ignored by hexdec. this can potentially result in collisions on the lock key from different sessions, e.g. the session ids `aagh` and `aaij` would have the same pgsql lock because `hexdec('aagh') === hexdec('aaij')`

| Q             | A
| ------------- | ---
| Branch?       | 2.7
| Bug fix?      | yes
| New feature?  | no <!-- don't forget updating src/**/CHANGELOG.md files -->
| BC breaks?    | no
| Deprecations? | no <!-- don't forget updating UPGRADE-*.md files -->
| Tests pass?   | yes
| Fixed tickets | #24095
| License       | MIT
| Doc PR        |

Commits
-------

0f0a6e8 PdoSessionHandler: fix advisory lock for pgsql when session.sid_bits_per_character > 4

@Tobion Tobion deleted the Tobion:fix-pdo-session-advisory-lock-bits-per-char branch Sep 29, 2017

This was referenced Oct 5, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment