Fix unstable session manager #14973

Merged
Changes from 5 commits
39 changes: 38 additions & 1 deletion lib/internal/Magento/Framework/Session/SessionManager.php
Expand Up @@ -15,6 +15,11 @@
*/
class SessionManager implements SessionManagerInterface
{
/**
* Session destroyed threshold in seconds
*/
const SESSION_DESTROYED_THRESHOLD = 300;
Contributor
Please, remove constant and use session lifetime value from the system configuration


/**
* Default options when a call destroy()
*
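Review bot: the docblock on SESSION_DESTROYED_THRESHOLD does not say what the 300 seconds measure. From its use in start() it is the period during which a session already marked as destroyed is still accepted, and the comment should state that explicitly. With the value fixed in a constant, a deployment also has no way to shorten how long a superseded session ID stays usable.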
Expand Down Expand Up @@ -183,10 +188,20 @@ public function start()
// Need to apply the config options so they can be ready by session_start
$this->initIniOptions();
$this->registerSaveHandler();
if (isset($_SESSION['new_session_id'])) {
// Not fully expired yet. Could be lost cookie by unstable network.
session_commit();
session_id($_SESSION['new_session_id']);
}
$sid = $this->sidResolver->getSid($this);
// potential custom logic for session id (ex. switching between hosts)
$this->setSessionId($sid);
session_start();
if (isset($_SESSION['destroyed'])) {
if ($_SESSION['destroyed'] < time() - self::SESSION_DESTROYED_THRESHOLD) {
Contributor
Combine this expression with previous if statement

$this->destroy(['clear_storage' => true]);
}
}
$this->validator->validate($this);
$this->renewCookie($sid);
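Review bot: the first added block in start() reads $_SESSION['new_session_id'] before session_start() has run, so on a normal request the array is not populated yet and the branch is skipped. When it is taken, the ID it sets with session_id() is followed directly by $this->setSessionId($sid), which can replace it. Move that redirect to after session_start(), where the marker can actually be read. In the second added block, a session whose 'destroyed' timestamp is still inside the threshold falls through to validate() and renewCookie() on the old ID with the old data; if the intent is a grace period for a lost cookie, that path should switch to the ID stored in new_session_id rather than continue on the superseded session.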

Expand Down Expand Up @@ -501,7 +516,29 @@ public function regenerateId()
return $this;
}

$this->isSessionExists() ? session_regenerate_id(true) : session_start();
// @codingStandardsIgnoreStart
Contributor
Why was this code fragment suppressed?

Member Author
It has been replaced with the if / else block till line 540

if ($this->isSessionExists()) {
// Regenerate the session
session_regenerate_id();
$newSessionId = session_id();
$_SESSION['new_session_id'] = $newSessionId;
// Set destroy timestamp
$_SESSION['destroyed'] = time();
// Write and close current session;
session_commit();
// Called after destroy()
$oldSession = $_SESSION;
// Start session with new session ID
session_id($newSessionId);
session_start();
$_SESSION = $oldSession;
// New session does not need them
unset($_SESSION['destroyed']);
unset($_SESSION['new_session_id']);
} else {
session_start();
}
// @codingStandardsIgnoreEnd
$this->storage->init(isset($_SESSION) ? $_SESSION : []);

if ($this->sessionConfig->getUseCookies()) {
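Review bot: in the if branch of regenerateId(), 'new_session_id' and 'destroyed' are assigned after session_regenerate_id() has already switched the active ID (the code relies on this when it reads session_id() into $newSessionId), so session_commit() stores both markers under the new ID and the old session record never receives them. The checks added in start() then find nothing on a request that still carries the old ID, and the old record simply stays readable until garbage collection because session_regenerate_id() is now called without the delete flag. Obtain the new ID first (for example with session_create_id() on PHP 7.1+), write the markers and commit while the old session is still the active one, and only then switch. Two smaller points: the comment "// Called after destroy()" above $oldSession = $_SESSION does not match what the code does, and the @codingStandardsIgnoreStart / @codingStandardsIgnoreEnd pair should name the rule being suppressed or be dropped.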