8000 merged branch adriensamson/issue-7011 (PR #7013) · symfony/symfony@10ed567 · GitHub

Commit 10ed567

committed
merged branch adriensamson/issue-7011 (PR #7013)
This PR was merged into the 2.1 branch. Commits ------- 3615e19 [Security] fixed session creation on login (closes #7011) Discussion ---------- [Security] fixed session creation on login (closes #7011) | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #7011 | License | MIT | Doc PR | n/a I fixed the test with UsernamePasswordToken (should start the session) and added a new test without token (should not start session).
2 parents e50d333 + 3615e19 commit 10ed567

2 files changed

+23
-2
lines changed


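--- a/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/ContextListener.php
@@ -117,14 +117,16 @@ public function onKernelResponse(FilterResponseEvent $event)
 }
 
 $request = $event->getRequest();
-$session = $request->hasPreviousSession() ? $request->getSession() : null;
+$session = $request->getSession();
 
 if (null === $session) {
 return;
 }
 
 if ((null === $token = $this->context->getToken()) || ($token instanceof AnonymousToken)) {
-$session->remove('_security_'.$this->contextKey);
+if ($request->hasPreviousSession()) {
+$session->remove('_security_'.$this->contextKey);
+}
 } else {
 $session->set('_security_'.$this->contextKey, serialize($token));
 }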
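Review bot: The nested `if ($request->hasPreviousSession())` around `$session->remove('_security_'.$this->contextKey)` carries the whole reason for this fix but has no comment, so a later cleanup could easily fold it back into the outer condition. Judging by the accompanying test, touching the session is what starts it, which is why the removal must be skipped when the request carried no session, while the `set()` branch is now expected to start one on first login. I would add `// Only touch the session if the client already had one; remove() would otherwise start a session for an anonymous visitor` above the inner `if`. onKernelResponse starts before and ends after this hunk, so any earlier guards in the method are not visible here.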

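--- a/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
+++ b/src/Symfony/Component/Security/Tests/Http/Firewall/ContextListenerTest.php
@@ -99,6 +99,25 @@ public function testOnKernelResponseWithoutSession()
 $listener = new ContextListener($this->securityContext, array(), 'session');
 $listener->onKernelResponse($event);
 
+$this->assertTrue($session->isStarted());
+}
+
+public function testOnKernelResponseWithoutSessionNorToken()
+{
+$request = new Request();
+$session = new Session(new MockArraySessionStorage());
+$request->setSession($session);
+
+$event = new FilterResponseEvent(
+$this->getMock('Symfony\Component\HttpKernel\HttpKernelInterface'),
+$request,
+HttpKernelInterface::MASTER_REQUEST,
+new Response()
+);
+
+$listener = new ContextListener($this->securityContext, array(), 'session');
+$listener->onKernelResponse($event);
+
 $this->assertFalse($session->isStarted());
 }
 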
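Review bot: testOnKernelResponseWithoutSessionNorToken pins only the `null === $token` half of the listener's condition; the `$token instanceof AnonymousToken` half takes the same no-session path and is not exercised by anything in this hunk. A sibling test that sets an anonymous token before calling `onKernelResponse()`, for example `$this->securityContext->setToken(new AnonymousToken('constructed-key', 'anon.'));` (assuming `$this->securityContext` is a real SecurityContext), and then asserts `$this->assertFalse($session->isStarted());` would keep anonymous visitors from silently being given a session if the condition is reworked later. The new test also relies on `$this->securityContext` holding no token, which presumably comes from setUp outside the hunk; a one-line comment saying so would make that dependency explicit.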
