merged branch lancergr/ticket_8460 (PR #8969)

fabpot · fabpot · commit 1271a4cdee25 · 2013-09-13T12:11:19.000+02:00
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #8969). Discussion ---------- [HttpFoundation] NativeSessionStorage regenerate | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #8460 | License | MIT | Doc PR | Since session_start is called by the regenerate function, then the 'started' flag of NativeSessionStorage have to be set to true. Otherwise, the variable $_SESSION is initiated and the exception "Failed to start the session: already started by PHP ($_SESSION is set)." is thrown. This can be reproduced by clearing the session data (cookies) before authenticating with a method that does not require csrf (eg. using the confirmation link of FOSUserBundle). Commits ------- 7a0eeb3 [HttpFoundation] NativeSessionStorage regenerate
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -217,6 +217,8 @@ public function regenerate($destroy = false, $lifetime = null)
             } else {
                 session_start();
             }
+            
+            $this->loadSession();
         }
 
         return $ret;

Original file line number	Diff line number	Diff line change
`@@ -217,6 +217,8 @@ public function regenerate($destroy = false, $lifetime = null)`
`217`	`217`	`} else {`
`218`	`218`	`session_start();`
`219`	`219`	`}`
	`220`	`+`
	`221`	`+ $this->loadSession();`
`220`	`222`	`}`
`221`	`223`
`222`	`224`	`return $ret;`