bug symfony#13286 [Security] Don't destroy the session on buggy php releases. (derrabus)

fabpot · fabpot · commit c076ba8a9a72 · 2015-01-07T09:13:08.000+01:00
This PR was squashed before being merged into the 2.3 branch (closes symfony#13286). Discussion ---------- [Security] Don't destroy the session on buggy php releases. | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | symfony#13269, symfony#13283 | License | MIT | Doc PR | none See symfony#13269 for the discussion. This workaround avoids destroying the old session after login on the migrate strategy when running under a php version that we know to be broken. Corresponding php bug: https://bugs.php.net/bug.php?id=63379 Commits ------- 5d0b527 [Security] Don't destroy the session on buggy php releases.
diff --git a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php
@@ -47,7 +47,10 @@ public function onAuthentication(Request $request, TokenInterface $token)
                 return;
 
             case self::MIGRATE:
-                $request->getSession()->migrate(true);
+                // Destroying the old session is broken in php 5.4.0 - 5.4.10
+                // See php bug #63379
+                $destroy = PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411;
+                $request->getSession()->migrate($destroy);
 
                 return;
 
diff --git a/src/Symfony/Component/Security/Tests/Http/Session/SessionAuthenticationStrategyTest.php b/src/Symfony/Component/Security/Tests/Http/Session/SessionAuthenticationStrategyTest.php
@@ -39,13 +39,30 @@ public function testUnsupportedStrategy()
 
     public function testSessionIsMigrated()
     {
+        if (PHP_VERSION_ID >= 50400 && PHP_VERSION_ID < 50411) {
+            $this->markTestSkipped('We cannot destroy the old session on PHP 5.4.0 - 5.4.10.');
+        }
+
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
         $session->expects($this->once())->method('migrate')->with($this->equalTo(true));
 
         $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
         $strategy->onAuthentication($this->getRequest($session), $this->getToken());
     }
 
+    public function testSessionIsMigratedWithPhp54Workaround()
+    {
+        if (PHP_VERSION_ID < 50400 || PHP_VERSION_ID >= 50411) {
+            $this->markTestSkipped('This PHP version is not affected.');
+        }
+
+        $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
+        $session->expects($this->once())->method('migrate')->with($this->equalTo(false));
+
+        $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
+        $strategy->onAuthentication($this->getRequest($session), $this->getToken());
+    }
+
     public function testSessionIsInvalidated()
     {
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
