fix(http): sync context sid/session after sessionRegenerateId() #1135

Merged
walkor merged 1 commit into walkor:master from xiaoguo0426:fix/session-regenerate-id-update-context
Mar 20, 2026

@xiaoguo0426
Contributor

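Problem

When sessionRegenerateId() is called, the new session ID is written via setSidCookie() and a Session($newSid) carrying the migrated data is constructed, but $this->context['sid'] and $this->context['session'] are not updated.
Because:

  • session() uses $this->context['session'] ??= new Session($this->sessionId()), which keeps the first Session instance created cached long-term;
  • sessionId() returns the cached value directly when context['sid'] already exists;
    as a result, calling session() / sessionId() again within the same request still points to the old session ID and Session object, which is inconsistent with the new cookie in the response headers and may cause reads and writes to hit the wrong session, or show up as "session data cannot be read".

Changes

After setSidCookie(), add:

  • $this->context['sid'] = $newSid;
  • $this->context['session'] = $session;
    so that the internal cache stays consistent with the newly generated session and cookie.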

Update $this->context['sid'] and $this->context['session'] when rotating
the session id so session() and sessionId() stay consistent with the new
Session instance and Set-Cookie within the same request.

Made-with: Cursor
@walkor walkor merged commit 969a931 into walkor:master Mar 20, 2026
24 checks passed
@xiaoguo0426 xiaoguo0426 deleted the fix/session-regenerate-id-update-context branch March 20, 2026 07:41
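
The stale-cache behaviour described in the PR, as an added PHP sketch that is not part of the pull request or Workerman's code. DemoSession, DemoRequest, the in-memory store and the cookieSid field are hypothetical stand-ins, and the syncContext flag toggles the two assignments the PR adds.

```php
<?php
// Simplified model of the caching described in the PR. DemoSession and
// DemoRequest are hypothetical stand-ins, not Workerman source.
final class DemoSession
{
    public static array $store = [];   // stand-in for the session backend
    public function __construct(public string $sid) {}
    public function set(string $k, mixed $v): void { self::$store[$this->sid][$k] = $v; }
    public function get(string $k): mixed { return self::$store[$this->sid][$k] ?? null; }
    public function all(): array { return self::$store[$this->sid] ?? []; }
}

final class DemoRequest
{
    public array $context = [];
    public ?string $cookieSid = null;  // value that would be sent in Set-Cookie

    public function __construct(private bool $syncContext) {}

    public function sessionId(): string
    {
        return $this->context['sid'] ??= bin2hex(random_bytes(16));
    }
    public function session(): DemoSession
    {
        return $this->context['session'] ??= new DemoSession($this->sessionId());
    }
    public function sessionRegenerateId(): void
    {
        $newSid = bin2hex(random_bytes(16));
        DemoSession::$store[$newSid] = $this->session()->all(); // migrate data
        $session = new DemoSession($newSid);
        $this->cookieSid = $newSid;                // stands in for setSidCookie()
        if ($this->syncContext) {                  // the two assignments the PR adds
            $this->context['sid'] = $newSid;
            $this->context['session'] = $session;
        }
    }
}

foreach ([false, true] as $sync) {
    $r = new DemoRequest($sync);
    $r->session()->set('user', 'alice');           // constructed sample data
    $r->sessionRegenerateId();
    $r->session()->set('role', 'member');          // write made after the rotation
    $next = new DemoSession($r->cookieSid);        // what the next request would load
    printf("sync=%s sid_matches_cookie=%s role_on_next_request=%s\n",
        var_export($sync, true), var_export($r->sessionId() === $r->cookieSid, true),
        var_export($next->get('role'), true));
}
```

With the flag off, the write made after the rotation lands under the old ID, so the session loaded from the new cookie does not contain it.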
@walkor
Owner

walkor commented Mar 20, 2026

Merged. The description is clear and the logic is complete, a really great PR.
Thumbs up 👍
