Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security/Http] don't require the session to be started when tracking its id #36118

merged 1 commit into from Mar 18, 2020


Copy link

nicolas-grekas commented Mar 17, 2020

Branch? 4.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets -
License MIT
Doc PR -

$session->getId() returns the empty string when the session is not yet started.
When this happens, the session tracking logic wrongly detects that a new session was created and thus disables HTTP caching.

This fixes the issue by looking at the value of the session cookie instead.
(the case for true is when using MockArraySessionStorage as done in tests)

@nicolas-grekas nicolas-grekas added this to the 4.4 milestone Mar 17, 2020
@nicolas-grekas nicolas-grekas changed the title [Security/Http] ensure session is started when tracking it [Security/Http] don't require the session to be started when tracking its id Mar 17, 2020
@nicolas-grekas nicolas-grekas force-pushed the nicolas-grekas:sec-session-start branch from 19c656e to c39188a Mar 17, 2020
fabpot approved these changes Mar 18, 2020

This comment has been minimized.

Copy link

fabpot commented Mar 18, 2020

Thank you @nicolas-grekas.

@fabpot fabpot merged commit abefccf into symfony:4.4 Mar 18, 2020
2 of 3 checks passed
2 of 3 checks passed
continuous-integration/appveyor/pr AppVeyor build failed
continuous-integration/travis-ci/pr The Travis CI build passed
Details Your code looks good.
This was referenced Mar 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.