
Commit 8ec093e

samsonasikmichalbundyra
authored andcommitted
destroy session first on regenerate session when session is active
Signed-off-by: Abdul Malik Ikhsan <[email protected]>
1 parent 1ef89fe commit 8ec093e


2 files changed

+24
-3
lines changed


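--- a/src/PhpSessionPersistence.php
+++ b/src/PhpSessionPersistence.php
@@ -26,6 +26,7 @@
 use function gmdate;
 use function ini_get;
 use function random_bytes;
+use function session_destroy;
 use function session_id;
 use function session_name;
 use function session_start;
@@ -186,12 +187,13 @@ private function startSession(string $id, array $options = []) : void
 
 /**
 * Regenerates the session safely.
-*
-* @link http://php.net/manual/en/function.session-regenerate-id.php (Example #2)
 */
 private function regenerateSession() : string
 {
-session_write_close();
+if (PHP_SESSION_ACTIVE === session_status()) {
+session_destroy();
+}
+
 $id = $this->generateSessionId();
 $this->startSession($id, [
 'use_strict_mode' => false,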
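Review bot: The result of `session_destroy()` in `regenerateSession()` is discarded, so if the save handler fails to remove the old record the method still starts a session under a new id while the previous id's data may remain in the store and stay resumable. Checking it, for example `if (PHP_SESSION_ACTIVE === session_status() && ! session_destroy()) { throw new \RuntimeException('Unable to destroy the previous session'); }`, would make that failure visible instead of silent. The docblock also lost its reference and now says only "safely"; a line such as `* Destroys the active session's stored data before starting a new one under a fresh id.` would record why the destroy is there. The method body continues past the end of the hunk, so how the new session is populated is not visible here.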

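--- a/test/PhpSessionPersistenceTest.php
+++ b/test/PhpSessionPersistenceTest.php
@@ -29,8 +29,10 @@
 use function ini_get;
 use function session_id;
 use function session_name;
+use function session_save_path;
 use function session_start;
 use function session_status;
+use function sys_get_temp_dir;
 use function time;
 
 use const PHP_SESSION_ACTIVE;
@@ -910,6 +912,23 @@ public function testInitializeIdRegeneratesSessionId()
 $this->assertFalse($actual->isRegenerated());
 }
 
+public function testRegenerateWhenSessionAlreadyActiveDestroyExistingSessionFirst()
+{
+session_start();
+
+$_SESSION['test'] = 'value';
+$fileSession = (session_save_path() ?: sys_get_temp_dir()) . '/sess_' . session_id();
+
+$this->assertFileExists($fileSession);
+
+$persistence = new PhpSessionPersistence();
+$session = new Session(['foo' => 'bar']);
+$session = $session->regenerate();
+$persistence->persistSession($session, new Response());
+
+$this->assertFileNotExists($fileSession);
+}
+
 public function testInitializeIdReturnsSessionUnaltered()
 {
 $persistence = new PhpSessionPersistence();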
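Review bot: `testRegenerateWhenSessionAlreadyActiveDestroyExistingSessionFirst()` asserts only that the old session file is gone; it never checks that the session id actually changed, which is the property regeneration exists to guarantee. Capturing `$oldId = session_id();` right after `session_start()` and adding `$this->assertNotSame($oldId, session_id());` after `persistSession()` would pin that, assuming `session_id()` still reports the new id at that point. The `sess_` path built from `session_save_path()` also assumes the default file save handler and a plain directory value, so the test would presumably fail under another handler; a one-line comment stating that assumption would help the next reader.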
