Skip to content

[Session] bad merge in PdoSessionHandler? #34995

New issue
New issue
Closed
Closed
[Session] bad merge in PdoSessionHandler?#34995
Labels
BugHttpFoundationStatus: Needs Review
@apfelbox

Description

@apfelbox
apfelbox
opened on Dec 16, 2019

Symfony version(s) affected: master

Description
I was just reading the code of the PdoSessionHandler, when I encountered something that looks like a bad merge:

symfony/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php

Lines 871 to 875 in c8f3053

$mergeStmt->bindValue(4, time() + $maxlifetime, \PDO::PARAM_INT);
$mergeStmt->bindValue(4, time(), \PDO::PARAM_INT);
$mergeStmt->bindParam(5, $data, \PDO::PARAM_LOB);
$mergeStmt->bindValue(6, time() + $maxlifetime, \PDO::PARAM_INT);
$mergeStmt->bindValue(6, time(), \PDO::PARAM_INT);

Just wanted somebody to confirm that. As bindValue just overwrites the previously set value, it seems that all sessions in SQLServer are immediately invalidated, as the last value bound to the expiry fields is just time().

How to reproduce
I don't run SQLServer, so I have no easy way to confirm this. Just wanted to confirm that I am not misreading the code.
I can try to then add a failing test case.

Possible Solution
Remove duplicate lines and only leave the ones with + $maxlifetime.

Additional context

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugHttpFoundationStatus: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions