Merge branch '5.4' into 6.0

nicolas-grekas · nicolas-grekas · commit 090f30981fce · 2022-04-12T18:32:28.000+02:00
* 5.4:
  [HttpKernel] Use the existing session id if available.
diff --git a/EventListener/AbstractSessionListener.php b/EventListener/AbstractSessionListener.php
@@ -70,17 +70,17 @@ public function onKernelRequest(RequestEvent $event)
             $request->setSessionFactory(function () use (&$sess, $request) {
                 if (!$sess) {
                     $sess = $this->getSession();
-                }
 
-                /*
-                 * For supporting sessions in php runtime with runners like roadrunner or swoole, the session
-                 * cookie needs to be read from the cookie bag and set on the session storage.
-                 *
-                 * Do not set it when a native php session is active.
-                 */
-                if ($sess && !$sess->isStarted() && \PHP_SESSION_ACTIVE !== session_status()) {
-                    $sessionId = $request->cookies->get($sess->getName(), '');
-                    $sess->setId($sessionId);
+                    /*
+                     * For supporting sessions in php runtime with runners like roadrunner or swoole, the session
+                     * cookie needs to be read from the cookie bag and set on the session storage.
+                     *
+                     * Do not set it when a native php session is active.
+                     */
+                    if ($sess && !$sess->isStarted() && \PHP_SESSION_ACTIVE !== session_status()) {
+                        $sessionId = $sess->getId() ?: $request->cookies->get($sess->getName(), '');
+                        $sess->setId($sessionId);
+                    }
                 }
 
                 return $sess;
diff --git a/Tests/EventListener/SessionListenerTest.php b/Tests/EventListener/SessionListenerTest.php
@@ -213,6 +213,40 @@ public function testSessionCookieNotWrittenCookieGiven()
         $this->assertCount(0, $cookies);
     }
 
+    /**
+     * @runInSeparateProcess
+     */
+    public function testNewSessionIdIsNotOverwritten()
+    {
+        $newSessionId = $this->createValidSessionId();
+
+        $this->assertNotEmpty($newSessionId);
+
+        $request = new Request();
+        $request->cookies->set('PHPSESSID', 'OLD-SESSION-ID');
+
+        $listener = $this->createListener($request, new NativeSessionStorageFactory());
+
+        $kernel = $this->createMock(HttpKernelInterface::class);
+        $listener->onKernelRequest(new RequestEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST));
+
+        $session = $request->getSession();
+        $this->assertSame($newSessionId, $session->getId());
+        $session->set('hello', 'world');
+
+        $response = new Response();
+        $listener->onKernelResponse(new ResponseEvent($kernel, $request, HttpKernelInterface::MAIN_REQUEST, $response));
+        $this->assertSame($newSessionId, $session->getId());
+
+        $cookies = $response->headers->getCookies();
+
+        $this->assertCount(1, $cookies);
+        $sessionCookie = $cookies[0];
+
+        $this->assertSame('PHPSESSID', $sessionCookie->getName());
+        $this->assertSame($newSessionId, $sessionCookie->getValue());
+    }
+
     /**
      * @runInSeparateProcess
      */
@@ -525,7 +559,7 @@ public function testUninitializedSessionWithoutInitializedSession()
     public function testSurrogateMainRequestIsPublic()
     {
         $session = $this->createMock(Session::class);
-        $session->expects($this->exactly(2))->method('getName')->willReturn('PHPSESSID');
+        $session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
         $session->expects($this->exactly(2))->method('getUsageIndex')->will($this->onConsecutiveCalls(0, 1));
         $sessionFactory = $this->createMock(SessionFactory::class);
         $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
@@ -565,9 +599,14 @@ public function testSurrogateMainRequestIsPublic()
     public function testGetSessionIsCalledOnce()
     {
         $session = $this->createMock(Session::class);
+<<<<<<< HEAD
         $session->expects($this->exactly(2))->method('getName')->willReturn('PHPSESSID');
         $sessionFactory = $this->createMock(SessionFactory::class);
         $sessionFactory->expects($this->once())->method('createSession')->willReturn($session);
+=======
+        $session->expects($this->exactly(1))->method('getName')->willReturn('PHPSESSID');
+        $sessionStorage = $this->createMock(NativeSessionStorage::class);
+>>>>>>> 5.4
         $kernel = $this->createMock(KernelInterface::class);
 
         $requestStack = new RequestStack();
