From 8ec093e9f4d6ed7ed8cb79e3a28079b9287129fd Mon Sep 17 00:00:00 2001
From: Abdul Malik Ikhsan
Date: Fri, 3 Jan 2020 21:46:45 +0700
Subject: [PATCH] destroy session first on regenerate session when session is active

Signed-off-by: Abdul Malik Ikhsan
---
 src/PhpSessionPersistence.php | 8 +++++---
 test/PhpSessionPersistenceTest.php | 19 +++++++++++++++++++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/src/PhpSessionPersistence.php b/src/PhpSessionPersistence.php
index 9126ac4..9eb8c55 100644
--- a/src/PhpSessionPersistence.php
+++ b/src/PhpSessionPersistence.php
@@ -26,6 +26,7 @@
 use function gmdate;
 use function ini_get;
 use function random_bytes;
+use function session_destroy;
 use function session_id;
 use function session_name;
 use function session_start;
@@ -186,12 +187,13 @@ private function startSession(string $id, array $options = []) : void

 /**
 * Regenerates the session safely.
- *
- * @link http://php.net/manual/en/function.session-regenerate-id.php (Example #2)
 */
 private function regenerateSession() : string
 {
- session_write_close();
+ if (PHP_SESSION_ACTIVE === session_status()) {
+ session_destroy();
+ }
+
 $id = $this->generateSessionId();
 $this->startSession($id, [
 'use_strict_mode' => false,
diff --git a/test/PhpSessionPersistenceTest.php b/test/PhpSessionPersistenceTest.php
index c9b9b21..c8863d9 100644
--- a/test/PhpSessionPersistenceTest.php
+++ b/test/PhpSessionPersistenceTest.php
@@ -29,8 +29,10 @@
 use function ini_get;
 use function session_id;
 use function session_name;
+use function session_save_path;
 use function session_start;
 use function session_status;
+use function sys_get_temp_dir;
 use function time;

 use const PHP_SESSION_ACTIVE;
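Review bot: In `regenerateSession()` (src/PhpSessionPersistence.php) the return value of `session_destroy()` is discarded, so if the save handler cannot remove the record the method still starts a new id while the old id's data may remain resumable, which is the case this change is meant to close. Checking it, for example `if (! session_destroy()) { /* abort the regeneration or report it */ }`, would make that failure visible; how to surface it is a project decision. The docblock lost its `@link` without gaining an explanation, so I would add a line such as `Destroys the active session's storage first so the previous id cannot be resumed; concurrent requests still using that id will lose their session.` The function body continues past the end of the hunk, so anything after `'use_strict_mode' => false,` is not covered by this note.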
@@ -910,6 +912,23 @@ public function testInitializeIdRegeneratesSessionId()
 $this->assertFalse($actual->isRegenerated());
 }

+ public function testRegenerateWhenSessionAlreadyActiveDestroyExistingSessionFirst()
+ {
+ session_start();
+
+ $_SESSION['test'] = 'value';
+ $fileSession = (session_save_path() ?: sys_get_temp_dir()) . '/sess_' . session_id();
+
+ $this->assertFileExists($fileSession);
+
+ $persistence = new PhpSessionPersistence();
+ $session = new Session(['foo' => 'bar']);
+ $session = $session->regenerate();
+ $persistence->persistSession($session, new Response());
+
+ $this->assertFileNotExists($fileSession);
+ }
+
 public function testInitializeIdReturnsSessionUnaltered()
 {
 $persistence = new PhpSessionPersistence();
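Review bot: `testRegenerateWhenSessionAlreadyActiveDestroyExistingSessionFirst` checks that the old session file disappears but never asserts that the session id actually changed, so a regression that destroys the data yet reuses the same id would still pass. Capturing `$oldId = session_id();` before the regeneration and adding `$this->assertNotSame($oldId, session_id());` after `persistSession()` would pin the property that matters for session fixation. The `$fileSession` path also assumes the `files` save handler and the `sess_` prefix; a guard such as `if (ini_get('session.save_handler') !== 'files') { $this->markTestSkipped(); }` would stop the test failing for unrelated reasons under another handler. Whether the session started here is closed again depends on setUp/tearDown code outside the hunk.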