
Commit 2f59c5a

alexander-schranzfabpot
authored andcommitted
Fix use_cookies framework session configuration
1 parent c9a5155 commit 2f59c5a


2 files changed

+48
-33
lines changed

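--- a/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
@@ -148,42 +148,45 @@ public function onKernelResponse(ResponseEvent $event)
 $sessionCookieSecure = $sessionOptions['cookie_secure'] ?? false;
 $sessionCookieHttpOnly = $sessionOptions['cookie_httponly'] ?? true;
 $sessionCookieSameSite = $sessionOptions['cookie_samesite'] ?? Cookie::SAMESITE_LAX;
+$sessionUseCookies = $sessionOptions['use_cookies'] ?? true;
 
 SessionUtils::popSessionCookie($sessionName, $sessionId);
 
-$request = $event->getRequest();
-$requestSessionCookieId = $request->cookies->get($sessionName);
-
-$isSessionEmpty = $session->isEmpty() && empty($_SESSION); // checking $_SESSION to keep compatibility with native sessions
-if ($requestSessionCookieId && $isSessionEmpty) {
-$response->headers->clearCookie(
-$sessionName,
-$sessionCookiePath,
-$sessionCookieDomain,
-$sessionCookieSecure,
-$sessionCookieHttpOnly,
-$sessionCookieSameSite
-);
-} elseif ($sessionId !== $requestSessionCookieId && !$isSessionEmpty) {
-$expire = 0;
-$lifetime = $sessionOptions['cookie_lifetime'] ?? null;
-if ($lifetime) {
-$expire = time() + $lifetime;
-}
+if ($sessionUseCookies) {
+$request = $event->getRequest();
+$requestSessionCookieId = $request->cookies->get($sessionName);
 
-$response->headers->setCookie(
-Cookie::create(
+$isSessionEmpty = $session->isEmpty() && empty($_SESSION); // checking $_SESSION to keep compatibility with native sessions
+if ($requestSessionCookieId && $isSessionEmpty) {
+$response->headers->clearCookie(
 $sessionName,
-$sessionId,
-$expire,
 $sessionCookiePath,
 $sessionCookieDomain,
 $sessionCookieSecure,
 $sessionCookieHttpOnly,
-false,
 $sessionCookieSameSite
-)
-);
+);
+} elseif ($sessionId !== $requestSessionCookieId && !$isSessionEmpty) {
+$expire = 0;
+$lifetime = $sessionOptions['cookie_lifetime'] ?? null;
+if ($lifetime) {
+$expire = time() + $lifetime;
+}
+
+$response->headers->setCookie(
+Cookie::create(
+$sessionName,
+$sessionId,
+$expire,
+$sessionCookiePath,
+$sessionCookieDomain,
+$sessionCookieSecure,
+$sessionCookieHttpOnly,
+false,
+$sessionCookieSameSite
+)
+);
+}
 }
 }
 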
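Review bot: The `if ($sessionUseCookies)` guard added in onKernelResponse() skips the `clearCookie()` branch as well as `setCookie()`, so with `use_cookies` disabled a session cookie the client still holds is never expired when the session is empty, and nothing in the code says this is deliberate. A comment above the guard would record the intent, for example `// use_cookies=false: the session id is carried outside cookies, so this listener neither sets nor clears a session cookie`. The guard is also a truthiness test, so a non-boolean value such as the string `'false'` would keep cookies on; if the option is not normalised to bool before it reaches `$sessionOptions` (not visible here), `filter_var($sessionOptions['use_cookies'] ?? true, FILTER_VALIDATE_BOOLEAN)` would make the check explicit. With cookies off, the Secure/HttpOnly/SameSite options read just above no longer protect the session id, which is worth stating in the option's documentation. The method starts before and continues after this hunk.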

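--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
@@ -66,13 +66,19 @@ public function testSessionCookieOptions(array $phpSessionOptions, array $sessio
 $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
 
 $cookies = $response->headers->getCookies();
-$this->assertSame('PHPSESSID', $cookies[0]->getName());
-$this->assertSame('123456', $cookies[0]->getValue());
-$this->assertSame($expectedSessionOptions['cookie_path'], $cookies[0]->getPath());
-$this->assertSame($expectedSessionOptions['cookie_domain'], $cookies[0]->getDomain());
-$this->assertSame($expectedSessionOptions['cookie_secure'], $cookies[0]->isSecure());
-$this->assertSame($expectedSessionOptions['cookie_httponly'], $cookies[0]->isHttpOnly());
-$this->assertSame($expectedSessionOptions['cookie_samesite'], $cookies[0]->getSameSite());
+
+if ($sessionOptions['use_cookies'] ?? true) {
+$this->assertCount(1, $cookies);
+$this->assertSame('PHPSESSID', $cookies[0]->getName());
+$this->assertSame('123456', $cookies[0]->getValue());
+$this->assertSame($expectedSessionOptions['cookie_path'], $cookies[0]->getPath());
+$this->assertSame($expectedSessionOptions['cookie_domain'], $cookies[0]->getDomain());
+$this->assertSame($expectedSessionOptions['cookie_secure'], $cookies[0]->isSecure());
+$this->assertSame($expectedSessionOptions['cookie_httponly'], $cookies[0]->isHttpOnly());
+$this->assertSame($expectedSessionOptions['cookie_samesite'], $cookies[0]->getSameSite());
+} else {
+$this->assertCount(0, $cookies);
+}
 }
 
 public function provideSessionOptions(): \Generator
@@ -126,6 +132,12 @@ public function provideSessionOptions(): \Generator
 'sessionOptions' => ['cookie_path' => '/test/', 'cookie_httponly' => true, 'cookie_secure' => true, 'cookie_samesite' => Cookie::SAMESITE_LAX],
 'expectedSessionOptions' => ['cookie_path' => '/test/', 'cookie_domain' => '', 'cookie_secure' => true, 'cookie_httponly' => true, 'cookie_samesite' => Cookie::SAMESITE_LAX],
 ];
+
+yield 'set_use_cookies_false_by_symfony' => [
+'phpSessionOptions' => [],
+'sessionOptions' => ['use_cookies' => false, 'cookie_domain' => '', 'cookie_secure' => true, 'cookie_httponly' => true, 'cookie_samesite' => Cookie::SAMESITE_LAX],
+'expectedSessionOptions' => [],
+];
 }
 
 /**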
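Review bot: The `set_use_cookies_false_by_symfony` dataset appears to cover only the suppressed `setCookie()` path; the other guarded branch, `clearCookie()` for a request that arrives with a session cookie and an empty session, is not exercised with `use_cookies` false. A further case that sends a `PHPSESSID` request cookie and ends in `$this->assertCount(0, $cookies);` would pin that behaviour, since a regression there changes whether a client-held session identifier gets expired. Branching on `$sessionOptions['use_cookies'] ?? true` inside testSessionCookieOptions also repeats the production default in the test, so an explicit expected cookie count in the provider would keep the expectation independent of the code under test. The test method starts before the first hunk, so how the request and session are built is inferred.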
