
Commit e82918c

tamcynicolas-grekas
authored andcommitted
[HttpKernel] Configure session.cookie_secure earlier
1 parent 9765b5a commit e82918c


3 files changed

+22
-5
lines changed

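--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -389,6 +389,9 @@ public function setOptions(array $options)
 $this->emulateSameSite = $value;
 continue;
 }
+if ('cookie_secure' === $key && 'auto' === $value) {
+continue;
+}
 ini_set('url_rewriter.tags' !== $key ? 'session.'.$key : $key, $value);
 }
 }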
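Review bot: The new `'auto'` branch in `setOptions()` skips the `ini_set()` call silently, so when nothing later calls `setOptions(['cookie_secure' => true])` the session cookie takes whatever `session.cookie_secure` is set to in php.ini, which may leave the Secure flag off. That fallback deserves a comment on the branch, for example `// 'auto' is resolved per request by the caller; until then php.ini's session.cookie_secure applies`. In this commit the resolving caller appears to be `SessionListener::onKernelRequest()`, so code that uses the storage without that listener should pass an explicit boolean. The only test file changed here is SessionListenerTest, so a storage-level assertion that `'auto'` leaves `ini_get('session.cookie_secure')` untouched would pin the branch. `setOptions()` starts above the hunk, so the list of accepted option keys is not visible here.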

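--- a/src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
+++ b/src/Symfony/Component/HttpKernel/EventListener/SessionListener.php
@@ -14,6 +14,7 @@
 use Psr\Container\ContainerInterface;
 use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 
 /**
 * Sets the session in the request.
@@ -33,10 +34,12 @@ public function __construct(ContainerInterface $container)
 $this->container = $container;
 }
 
-protected function getSession(): ?SessionInterface
+public function onKernelRequest(GetResponseEvent $event)
 {
-if (!$this->container->has('session')) {
-return null;
+parent::onKernelRequest($event);
+
+if (!$event->isMasterRequest() || !$this->container->has('session')) {
+return;
 }
 
 if ($this->container->has('session_storage')
@@ -46,6 +49,13 @@ protected function getSession(): ?SessionInterface
 ) {
 $storage->setOptions(['cookie_secure' => true]);
 }
+}
+
+protected function getSession(): ?SessionInterface
+{
+if (!$this->container->has('session')) {
+return null;
+}
 
 return $this->container->get('session');
 }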
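Review bot: The new `onKernelRequest()` carries no comment explaining why `cookie_secure` is now set here instead of lazily in `getSession()`, and that ordering is the security-relevant part of the change: PHP does not allow `session.*` ini settings to be changed once a session is active, so a late call can leave the cookie without the Secure flag. I would add above the `session_storage` check something like `// Resolve cookie_secure before anything can start the session; session.* ini settings cannot be changed once it is active.` The remaining lines of that `if` condition fall between the hunks and are not shown, so how the request is judged secure cannot be confirmed from here; if it relies on the request scheme, deployments behind a TLS-terminating proxy need their trusted-proxy configuration in place for the flag to be applied. The method also now touches `session_storage` on every master request, presumably including requests that never use the session, which is worth stating in a docblock.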

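--- a/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
+++ b/src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
@@ -59,7 +59,7 @@ public function testSessionIsSet()
 $listener = new SessionListener($container);
 
 $event = $this->createMock(RequestEvent::class);
-$event->expects($this->once())->method('isMasterRequest')->willReturn(true);
+$event->expects($this->exactly(2))->method('isMasterRequest')->willReturn(true);
 $event->expects($this->once())->method('getRequest')->willReturn($request);
 
 $listener->onKernelRequest($event);
@@ -203,12 +203,16 @@ public function testGetSessionIsCalledOnce()
 $listener = new SessionListener($container);
 $listener->onKernelRequest($event);
 
+// storage->setOptions() should have been called already
+$container->set('session_storage', null);
+$sessionStorage = null;
+
 $subRequest = $masterRequest->duplicate();
 // at this point both master and subrequest have a closure to build the session
 
 $masterRequest->getSession();
 
-// calling the factory on the subRequest should not trigger a second call to storage->sesOptions()
+// calling the factory on the subRequest should not trigger a second call to storage->setOptions()
 $subRequest->getSession();
 }
 }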
