Skip to content

[HttpKernel] Fix compatibility with php bridge and already started php sessions #44634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 26, 2022
Merged

[HttpKernel] Fix compatibility with php bridge and already started php sessions #44634

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 8 additions & 5 deletions src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,10 +75,12 @@ public function onKernelRequest(RequestEvent $event)
}

/*
* For supporting sessions in php runtime with runners like roadrunner or swoole the session
* cookie need read from the cookie bag and set on the session storage.
* For supporting sessions in php runtime with runners like roadrunner or swoole, the session
* cookie needs to be read from the cookie bag and set on the session storage.
*
* Do not set it when a native php session is active.
*/
if ($sess && !$sess->isStarted()) {
if ($sess && !$sess->isStarted() && \PHP_SESSION_ACTIVE !== session_status()) {
$sessionId = $request->cookies->get($sess->getName(), '');
$sess->setId($sessionId);
}
Expand Down Expand Up @@ -152,7 +154,8 @@ public function onKernelResponse(ResponseEvent $event)
$request = $event->getRequest();
$requestSessionCookieId = $request->cookies->get($sessionName);

if ($requestSessionCookieId && $session->isEmpty()) {
$isSessionEmpty = $session->isEmpty() && empty($_SESSION); // checking $_SESSION to keep compatibility with native sessions
if ($requestSessionCookieId && $isSessionEmpty) {
$response->headers->clearCookie(
$sessionName,
$sessionCookiePath,
Expand All @@ -161,7 +164,7 @@ public function onKernelResponse(ResponseEvent $event)
$sessionCookieHttpOnly,
$sessionCookieSameSite
);
} elseif ($sessionId !== $requestSessionCookieId) {
} elseif ($sessionId !== $requestSessionCookieId && !$isSessionEmpty) {
$expire = 0;
$lifetime = $sessionOptions['cookie_lifetime'] ?? null;
if ($lifetime) {
Expand Down
184 changes: 184 additions & 0 deletions src/Symfony/Component/HttpKernel/Tests/EventListener/SessionListenerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\SessionFactory;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorage;
use Symfony\Component\HttpKernel\DataCollector\RequestDataCollector;
use Symfony\Component\HttpKernel\Event\FinishRequestEvent;
use Symfony\Component\HttpKernel\Event\RequestEvent;
Expand Down Expand Up @@ -125,6 +126,189 @@ public function provideSessionOptions(): \Generator
];
}

/**
* @runInSeparateProcess
*/
public function testPhpBridgeAlreadyStartedSession()
{
session_start();
$sessionId = session_id();

$requestStack = new RequestStack();
$request = new Request();
$requestStack->push($request);

$session = new Session();
$sessionStorage = new PhpBridgeSessionStorage();

$container = new Container();
$container->set('request_stack', $requestStack);
$container->set('session', $session);
$container->set('session_storage', $sessionStorage);

$request = new Request();
$listener = new SessionListener($container);

$event = new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);

$listener->onKernelRequest($event);

$this->assertTrue($request->hasSession());
$this->assertSame($sessionId, $request->getSession()->getId());
}

/**
* @runInSeparateProcess
*/
public function testSessionCookieWrittenNoCookieGiven()
{
$session = new Session();
$session->set('hello', 'world');

$container = new Container();
$container->set('initialized_session', $session);

$listener = new SessionListener($container);
$kernel = $this->createMock(HttpKernelInterface::class);

$request = new Request();
$listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));

$response = new Response();
$listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));

$cookies = $response->headers->getCookies();
$this->assertCount(1, $cookies);
$sessionCookie = $cookies[0];

$this->assertSame('PHPSESSID', $sessionCookie->getName());
$this->assertNotEmpty($sessionCookie->getValue());
$this->assertFalse($sessionCookie->isCleared());
}

/**
* @runInSeparateProcess
*/
public function testSessionCookieNotWrittenCookieGiven()
{
$session = new Session();
$session->set('hello', 'world');
$sessionId = $session->getId();

$container = new Container();
$container->set('initialized_session', $session);

$listener = new SessionListener($container);
$kernel = $this->createMock(HttpKernelInterface::class);

$request = new Request();
$request->cookies->set('PHPSESSID', $sessionId);
$listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));

$response = new Response();
$listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));

$cookies = $response->headers->getCookies();
$this->assertCount(0, $cookies);
}

/**
* @runInSeparateProcess
*/
public function testSessionCookieClearedWhenInvalidated()
{
$session = new Session();

$container = new Container();
$container->set('initialized_session', $session);

$listener = new SessionListener($container);
$kernel = $this->createMock(HttpKernelInterface::class);

$request = new Request();
$listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));

$session->start();
$sessionId = $session->getId();
$this->assertNotEmpty($sessionId);
$request->cookies->set($session->getName(), $sessionId);
$_SESSION['hello'] = 'world'; // check compatibility to php session bridge

$session->invalidate();

$response = new Response();
$listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));

$cookies = $response->headers->getCookies();
$this->assertCount(1, $cookies);
$sessionCookie = $cookies[0];

$this->assertSame('PHPSESSID', $sessionCookie->getName());
$this->assertTrue($sessionCookie->isCleared());
}

/**
* @runInSeparateProcess
*/
public function testSessionCookieNotClearedWhenOtherVariablesSet()
{
$session = new Session();

$container = new Container();
$container->set('initialized_session', $session);

$listener = new SessionListener($container);
$kernel = $this->createMock(HttpKernelInterface::class);

$request = new Request();
$listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));

$session->start();
$sessionId = $session->getId();
$this->assertNotEmpty($sessionId);
$request->cookies->set($session->getName(), $sessionId);
$_SESSION['hello'] = 'world';

$response = new Response();
$listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));

$cookies = $response->headers->getCookies();
$this->assertCount(0, $cookies);
}

/**
* @runInSeparateProcess
*/
public function testSessionCookieSetWhenOtherNativeVariablesSet()
{
$session = new Session();

$container = new Container();
$container->set('initialized_session', $session);

$listener = new SessionListener($container);
$kernel = $this->createMock(HttpKernelInterface::class);

$request = new Request();
$listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));

$session->start();
$sessionId = $session->getId();
$this->assertNotEmpty($sessionId);
$_SESSION['hello'] = 'world';

$response = new Response();
$listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));

$cookies = $response->headers->getCookies();
$this->assertCount(1, $cookies);
$sessionCookie = $cookies[0];

$this->assertSame('PHPSESSID', $sessionCookie->getName());
$this->assertNotEmpty($sessionCookie->getValue());
$this->assertFalse($sessionCookie->isCleared());
}

public function testOnlyTriggeredOnMainRequest()
{
$listener = $this->getMockForAbstractClass(AbstractSessionListener::class);
Expand Down