Merge pull request phpredis#1312 from SkydiveMarius/session-locking

yatsukhnenko · web-flow · commit e352661eb8f1 · 2018-03-24T14:39:51.000+02:00
Session locking: Fix regenerate ID bug (PHP5, proxy handler)
diff --git a/redis_session.c b/redis_session.c
@@ -62,7 +62,7 @@
 #define IS_REDIS_OK(r, len) (r != NULL && len == 3 && !memcmp(r, "+OK", 3))
 
 ps_module ps_mod_redis = {
-    PS_MOD(redis)
+    PS_MOD_SID(redis)
 };
 ps_module ps_mod_redis_cluster = {
     PS_MOD(rediscluster)
@@ -566,6 +566,73 @@ redis_session_key(redis_pool_member *rpm, const char *key, int key_len, int *ses
     return session;
 }
 
+/* {{{ PS_CREATE_SID_FUNC
+ */
+PS_CREATE_SID_FUNC(redis)
+{
+    int retries = 3;
+    redis_pool *pool = PS_GET_MOD_DATA();
+
+    if (!pool) {
+#if (PHP_MAJOR_VERSION < 7)
+        return php_session_create_id(NULL, newlen TSRMLS_CC);
+#else
+        return php_session_create_id(NULL TSRMLS_CC);
+#endif
+    }
+
+    while (retries-- > 0) {
+#if (PHP_MAJOR_VERSION < 7)
+        char* sid = php_session_create_id((void **) &pool, newlen TSRMLS_CC);
+        redis_pool_member *rpm = redis_pool_get_sock(pool, sid TSRMLS_CC);
+#else
+        zend_string* sid = php_session_create_id((void **) &pool TSRMLS_CC);
+        redis_pool_member *rpm = redis_pool_get_sock(pool, ZSTR_VAL(sid) TSRMLS_CC);
+#endif
+        RedisSock *redis_sock = rpm?rpm->redis_sock:NULL;
+
+        if (!rpm || !redis_sock) {
+            php_error_docref(NULL TSRMLS_CC, E_NOTICE,
+                "Redis not available while creating session_id");
+
+#if (PHP_MAJOR_VERSION < 7)
+            efree(sid);
+            return php_session_create_id(NULL, newlen TSRMLS_CC);
+#else
+            zend_string_release(sid);
+            return php_session_create_id(NULL TSRMLS_CC);
+#endif
+        }
+
+        int resp_len;
+#if (PHP_MAJOR_VERSION < 7)
+        char *full_session_key = redis_session_key(rpm, sid, strlen(sid), &resp_len);
+#else
+        char *full_session_key = redis_session_key(rpm, ZSTR_VAL(sid), ZSTR_LEN(sid), &resp_len);
+#endif
+        char *full_session_key_nt = estrndup(full_session_key, resp_len);
+        efree(full_session_key);
+        pool->lock_status->session_key = full_session_key_nt;
+
+        if (lock_acquire(redis_sock, pool->lock_status TSRMLS_CC) == SUCCESS) {
+            return sid;
+        }
+
+#if (PHP_MAJOR_VERSION < 7)
+        efree(sid);
+#else
+        zend_string_release(sid);
+#endif
+        sid = NULL;
+    }
+
+    php_error_docref(NULL TSRMLS_CC, E_NOTICE,
+        "Acquiring session lock failed while creating session_id");
+
+    return NULL;
+}
+/* }}} */
+
 /* {{{ PS_READ_FUNC
  */
 PS_READ_FUNC(redis)
@@ -654,6 +721,19 @@ PS_WRITE_FUNC(redis)
     /* send SET command */
 #if (PHP_MAJOR_VERSION < 7)
     session = redis_session_key(rpm, key, strlen(key), &session_len);
+
+    /* We need to check for PHP5 if the session key changes (a bug with session_regenerate_id() is causing a missing PS_CREATE_SID call)*/
+    int session_key_changed = strlen(pool->lock_status->session_key) != session_len || strncmp(pool->lock_status->session_key, session, session_len) != 0;
+    if (session_key_changed) {
+        efree(pool->lock_status->session_key);
+        pool->lock_status->session_key = estrndup(session, session_len);
+    }
+
+    if (session_key_changed && lock_acquire(redis_sock, pool->lock_status TSRMLS_CC) != SUCCESS) {
+        efree(session);
+        return FAILURE;
+    }
+
     cmd_len = REDIS_SPPRINTF(&cmd, "SETEX", "sds", session, session_len,
                              INI_INT("session.gc_maxlifetime"), val, vallen);
 #else
diff --git a/redis_session.h b/redis_session.h
@@ -9,6 +9,7 @@ PS_READ_FUNC(redis);
 PS_WRITE_FUNC(redis);
 PS_DESTROY_FUNC(redis);
 PS_GC_FUNC(redis);
+PS_CREATE_SID_FUNC(redis);
 
 PS_OPEN_FUNC(rediscluster);
 PS_CLOSE_FUNC(rediscluster);
diff --git a/tests/RedisTest.php b/tests/RedisTest.php
@@ -5274,7 +5274,8 @@ public function testSession_lockWaitTime()
         $end = microtime(true);
         $elapsedTime = $end - $start;
 
-        $this->assertTrue($elapsedTime > 2.5 && $elapsedTime < 3.5);
+        $this->assertTrue($elapsedTime > 2.5);
+        $this->assertTrue($elapsedTime < 3.5);
         $this->assertTrue($sessionSuccessful);
     }
 
@@ -5288,6 +5289,110 @@ public function testMultipleConnect() {
         }
     }
 
+    public  function testSession_regenerateSessionId_noLock_noDestroy() {
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_noLock_withDestroy() {
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, false, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_withLock_noDestroy() {
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_withLock_withDestroy() {
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, true, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_noLock_noDestroy_withProxy() {
+        if (!interface_exists('SessionHandlerInterface')) {
+            $this->markTestSkipped('session handler interface not available in PHP < 5.4');
+        }
+
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, false, false, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_noLock_withDestroy_withProxy() {
+        if (!interface_exists('SessionHandlerInterface')) {
+            $this->markTestSkipped('session handler interface not available in PHP < 5.4');
+        }
+
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, false, true, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_withLock_noDestroy_withProxy() {
+        if (!interface_exists('SessionHandlerInterface')) {
+            $this->markTestSkipped('session handler interface not available in PHP < 5.4');
+        }
+
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, true, false, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
+    public  function testSession_regenerateSessionId_withLock_withDestroy_withProxy() {
+        if (!interface_exists('SessionHandlerInterface')) {
+            $this->markTestSkipped('session handler interface not available in PHP < 5.4');
+        }
+
+        $this->setSessionHandler();
+        $sessionId = $this->generateSessionId();
+        $this->startSessionProcess($sessionId, 0, false, 300, true, null, -1, 1, 'bar');
+
+        $newSessionId = $this->regenerateSessionId($sessionId, true, true, true);
+
+        $this->assertTrue($newSessionId !== $sessionId);
+        $this->assertEquals('bar', $this->getSessionData($newSessionId));
+    }
+
     private function setSessionHandler()
     {
         $host = $this->getHost() ?: 'localhost';
@@ -5358,5 +5463,24 @@ private function getSessionData($sessionId)
 
         return $output[0];
     }
+
+    /**
+     * @param string $sessionId
+     * @param bool   $locking
+     * @param bool   $destroyPrevious
+     * @param bool   $sessionProxy
+     *
+     * @return string
+     */
+    private function regenerateSessionId($sessionId, $locking = false, $destroyPrevious = false, $sessionProxy = false)
+    {
+	$args = array_map('escapeshellarg', array($sessionId, $locking, $destroyPrevious, $sessionProxy));
+
+        $command = 'php --no-php-ini --define extension=igbinary.so --define extension=' . __DIR__ . '/../modules/redis.so ' . __DIR__ . '/regenerateSessionId.php ' . escapeshellarg($this->getHost()) . ' ' . implode(' ', $args);
+
+        exec($command, $output);
+
+        return $output[0];
+    }
 }
 ?>
diff --git a/tests/regenerateSessionId.php b/tests/regenerateSessionId.php
@@ -0,0 +1,83 @@
+<?php
+error_reporting(E_ERROR | E_WARNING);
+
+$redisHost = $argv[1];
+$sessionId = $argv[2];
+$locking = !!$argv[3];
+$destroyPrevious = !!$argv[4];
+$sessionProxy = !!$argv[5];
+
+if (empty($redisHost)) {
+    $redisHost = 'localhost';
+}
+
+ini_set('session.save_handler', 'redis');
+ini_set('session.save_path', 'tcp://' . $redisHost . ':6379');
+
+if ($locking) {
+    ini_set('redis.session.locking_enabled', true);
+}
+
+if (interface_exists('SessionHandlerInterface')) {
+    class TestHandler implements SessionHandlerInterface
+    {
+        /**
+         * @var SessionHandler
+         */
+        private $handler;
+
+        public function __construct()
+        {
+            $this->handler = new SessionHandler();
+        }
+
+        public function close()
+        {
+            return $this->handler->close();
+        }
+
+        public function destroy($session_id)
+        {
+            return $this->handler->destroy($session_id);
+        }
+
+        public function gc($maxlifetime)
+        {
+            return $this->handler->gc($maxlifetime);
+        }
+
+        public function open($save_path, $name)
+        {
+            return $this->handler->open($save_path, $name);
+        }
+
+        public function read($session_id)
+        {
+            return $this->handler->read($session_id);
+        }
+
+        public function write($session_id, $session_data)
+        {
+            return $this->handler->write($session_id, $session_data);
+        }
+    }
+}
+
+if ($sessionProxy) {
+    $handler = new TestHandler();
+    session_set_save_handler($handler);
+}
+
+session_id($sessionId);
+if (!session_start()) {
+    $result = "FAILED: session_start()";
+}
+elseif (!session_regenerate_id($destroyPrevious)) {
+    $result = "FAILED: session_regenerate_id()";
+}
+else {
+    $result = session_id();
+}
+session_write_close();
+echo $result;
+
