Merging develop to master in preparation for 1.5.0 release.

zendframework · Feb 11, 2019 · 75bc1fa · 75bc1fa
2 parents 7253cd5 + 4eb6a25
commit 75bc1fa
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,15 +2,19 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
-## 1.4.1 - TBD
+## 1.5.0 - 2019-02-11
 
 ### Added
 
 - Nothing.
 
 ### Changed
 
-- Nothing.
+- [#34](https://github.com/zendframework/zend-expressive-session-ext/pull/34) modifies the logic used when starting a session to ensure the REQUIRED
+  defaults are always set. These include:
+  - session.use_cookies = false
+  - session.use_only_cookes = true
+  - session.cache_limiter = ""
 
 ### Deprecated
 

diff --git a/composer.json b/composer.json
@@ -48,8 +48,8 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.4.x-dev",
-            "dev-develop": "1.5.x-dev"
+            "dev-master": "1.5.x-dev",
+            "dev-develop": "1.6.x-dev"
         },
         "zf": {
             "config-provider": "Zend\\Expressive\\Session\\Ext\\ConfigProvider"

diff --git a/composer.lock b/composer.lock
diff --git a/src/PhpSessionPersistence.php b/src/PhpSessionPersistence.php
@@ -151,11 +151,11 @@ public function persistSession(SessionInterface $session, ResponseInterface $res
     private function startSession(string $id, array $options = []) : void
     {
         session_id($id);
-        session_start(array_merge([
+        session_start([
             'use_cookies'      => false,
             'use_only_cookies' => true,
             'cache_limiter'    => '',
-        ], $options));
+        ] + $options);
     }
 
     /**

diff --git a/test/PhpSessionPersistenceTest.php b/test/PhpSessionPersistenceTest.php
@@ -13,6 +13,7 @@
 use Dflydev\FigCookies\SetCookie;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ServerRequestInterface;
+use ReflectionMethod;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
 use Zend\Expressive\Session\Ext\PhpSessionPersistence;
@@ -555,4 +556,33 @@ public function testSavedSessionLifetimeOverridesDefaultLifetime()
 
         $this->restoreOriginalSessionIniSettings($ini);
     }
+
+    public function testStartSessionDoesNotOverrideRequiredSettings()
+    {
+        $persistence = new PhpSessionPersistence();
+
+        $method = new ReflectionMethod($persistence, 'startSession');
+        $method->setAccessible(true);
+
+        // try to override required settings
+        $method->invokeArgs($persistence, [
+            'my-session-id',
+            [
+                'use_cookies'      => true,      // FALSE is required
+                'use_only_cookies' => false,     // TRUE is required
+                'cache_limiter'    => 'nocache', // '' is required
+            ]
+        ]);
+
+        $filter = FILTER_VALIDATE_BOOLEAN;
+        $flags  = FILTER_NULL_ON_FAILURE;
+
+        $session_use_cookies      = filter_var(ini_get('session.use_cookies'), $filter, $flags);
+        $session_use_only_cookies = filter_var(ini_get('session.use_only_cookies'), $filter, $flags);
+        $session_cache_limiter    = ini_get('session.cache_limiter');
+
+        $this->assertFalse($session_use_cookies);
+        $this->assertTrue($session_use_only_cookies);
+        $this->assertSame('', $session_cache_limiter);
+    }
 }