-
-
Notifications
You must be signed in to change notification settings - Fork 9.6k
[HttpFoundation] Do not return an empty session id if the session was closed #9611
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wonder what is the purpose of the
closedflag? Under which circumstance can a session be started === true and closed === true at the same time?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The state you're describing (
started === trueandclosed === true), was effective when saving the session before applying #9246. this behavour was solved, but this method would then return an empty id, thus deleting the session cookie... Which is why I extended this condition to return an empty session id only if the session was never started, not even once.So that's the point of having the
closedflag : to tell the difference for thestartedflag whether it means the session was already at least started once or never started. If it is true, then that means that the session was started at least once.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. The only time when you have an empty session ID is when no session has been started, Once it's been started, it can be closed and started again. But in this case you will have a session ID. It's just representing PHP's behaviour.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok. So having two boolean variables suggest there can be 4 different states. But you only described 3.
If there are only 3, then why not remove the
closed propertyand makestarted = true|false|null(null means never started).There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's really hard to read
!$this->started && !$this->closedand all these combinations. Also there does not seem to be a getter for "closed" anyway.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Point taken ; but I think it could be confusing to have a
startedproperty which could benull,falseortrue... How about changingclosedtorunningand setting it totruewhen the session is started for the first time ? And leave thestartedflag as it is, a flag ?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Taluu I think it's out of scope of this bug fix. A PR should focus on one task - which in this case is fixing a bug. Refactoring internals is something separate.
@Tobion
closedrepresents private internal state so should not have a getter. To the outside world, the session is either started or not. But internally, it needs to know more in order to be able to replicate PHP's behaviour.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes that is why i said it can be implemented differently because its only internal. But why is it protected at all and not private?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's
protectedspecifically to allow inheritance, like you can see with thePhpBridgeSessionStorage.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess the additional problem with refactoring
closedis it would also mean any child classes relying on it will break.