Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit cd3dddf

Browse filesBrowse files
derrabusderrabus
committed
bug #44437 [HttpKernel] Fix wrong usage of SessionUtils::popSessionCookie (simonchrz)
This PR was merged into the 5.4 branch. Discussion ---------- [HttpKernel] Fix wrong usage of SessionUtils::popSessionCookie | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #44434 | License | MIT The function onKernelResponse() removes possible Set-Cookie headers from headers_list by using SessionUtils::popSessionCookie($sessionName, $sessionCookiePath); https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L149 2nd expected parameter of SessionUtils::popSessionCookie function is the sessionId, not the $sessionCookiePath https://github.com/symfony/symfony/blob/v5.4.0/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php#L28 Commits ------- 36b466e use $sessionId instead of $sessionCookiePath on SessionUtils::popSessionCookie call
2 parents dcf09d6 + 36b466e commit cd3dddf
Copy full SHA for cd3dddf

File tree

Expand file treeCollapse file tree

2 files changed

+2
-1
lines changed
Filter options
Expand file treeCollapse file tree

2 files changed

+2
-1
lines changed

‎src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -146,7 +146,7 @@ public function onKernelResponse(ResponseEvent $event)
146146
$sessionCookieHttpOnly = $this->sessionOptions['cookie_httponly'] ?? true;
147147
$sessionCookieSameSite = $this->sessionOptions['cookie_samesite'] ?? Cookie::SAMESITE_LAX;
148148

149-
SessionUtils::popSessionCookie($sessionName, $sessionCookiePath);
149+
SessionUtils::popSessionCookie($sessionName, $sessionId);
150150

151151
$request = $event->getRequest();
152152
$requestSessionCookieId = $request->cookies->get($sessionName);

‎src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php

Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
+1Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -312,6 +312,7 @@ public function testSessionUsageLogIfStatelessAndSessionUsed()
312312
public function testSessionIsSavedWhenUnexpectedSessionExceptionThrown()
313313
{
314314
$session = $this->createMock(Session::class);
315+
$session->expects($this->exactly(1))->method('getId')->willReturn('123456');
315316
$session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
316317
$session->method('isStarted')->willReturn(true);
317318
$session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.