Skip to content

[HttpKernel] Fix wrong usage of SessionUtils::popSessionCookie #44437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 6, 2021
Merged

[HttpKernel] Fix wrong usage of SessionUtils::popSessionCookie #44437

merged 1 commit into from
Dec 6, 2021

Conversation

simonchrz
Copy link
Contributor

Q A
Branch? 5.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #44434
License MIT

The function onKernelResponse() removes possible Set-Cookie headers from headers_list by using SessionUtils::popSessionCookie($sessionName, $sessionCookiePath);
https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L149

2nd expected parameter of SessionUtils::popSessionCookie function is the sessionId, not the $sessionCookiePath
https://github.com/symfony/symfony/blob/v5.4.0/src/Symfony/Component/HttpFoundation/Session/SessionUtils.php#L28

@carsonbot carsonbot added this to the 5.4 milestone Dec 3, 2021
@carsonbot carsonbot changed the title Fix 44434 [HttpKernel] Fix 44434 Dec 3, 2021
@simonchrz
Copy link
Contributor Author

@alexander-schranz could you please check if this works for you on #41390 ?

@carsonbot
Copy link

Hey!

I think @mtarld has recently worked with this code. Maybe they can help review this?

Cheers!

Carsonbot

@chalasr chalasr mentioned this pull request Dec 5, 2021
Closed
@chalasr chalasr changed the title [HttpKernel] Fix 44434 [HttpKernel] Fix wrong usage of SessionUtils::popSessionCookie Dec 5, 2021
derrabus
derrabus approved these changes Dec 6, 2021
View reviewed changes
Copy link
Member

@derrabus derrabus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexander-schranz Since this changes code you've contributed, can you please verify that this change works for you?

chalasr
chalasr approved these changes Dec 6, 2021
View reviewed changes
Copy link
Member

@chalasr chalasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as well

alexander-schranz
alexander-schranz approved these changes Dec 6, 2021
View reviewed changes
Copy link
Contributor

@alexander-schranz alexander-schranz left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks correct for me. Did test it also with roadrunner on symfony demo and the php runtime. Session there works still as expected.

@derrabus
Copy link
Member

derrabus commented Dec 6, 2021

Thank you @simonchrz for taking care of this regression.

@derrabus derrabus merged commit cd3dddf into symfony:5.4 Dec 6, 2021
@alexander-schranz
Copy link
Contributor

@simonchrz Thx for fixing this 👍

This was referenced Dec 9, 2021
Merged
Merged
@berkut1 berkut1 mentioned this pull request Dec 10, 2021
Closed
@verng95 verng95 mentioned this pull request Dec 10, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@derrabus derrabus derrabus approved these changes

@alexander-schranz alexander-schranz alexander-schranz approved these changes

@chalasr chalasr chalasr approved these changes

Assignees
No one assigned
Labels
Bug HttpKernel Status: Reviewed
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.
6 participants
@simonchrz @carsonbot @derrabus @alexander-schranz @chalasr @xabbuh