bug #13048 [Security] Delete old session on auth strategy migrate (xelaris)

fabpot · fabpot · commit 901d1de344a5 · 2014-12-20T13:20:33.000+01:00
This PR was merged into the 2.3 branch. Discussion ---------- [Security] Delete old session on auth strategy migrate | Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #13026 | License | MIT | Doc PR | As identified by @austinh in #13026 there are two sessions after authentication, since the previous session is migrated to a new one by ``session_regenerate_id``. This PR ensures the old session is been deleted immediately on migration. I can't see any drawbacks, but if the change would break BC, another approach would be to add a new strategy like ``switch`` to enable instant deletion of the old session. Commits ------- 5dd11e6 [Security] Delete old session on auth strategy migrate
diff --git a/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php b/src/Symfony/Component/Security/Http/Session/SessionAuthenticationStrategy.php
@@ -47,7 +47,7 @@ public function onAuthentication(Request $request, TokenInterface $token)
                 return;
 
             case self::MIGRATE:
-                $request->getSession()->migrate();
+                $request->getSession()->migrate(true);
 
                 return;
 
diff --git a/src/Symfony/Component/Security/Tests/Http/Session/SessionAuthenticationStrategyTest.php b/src/Symfony/Component/Security/Tests/Http/Session/SessionAuthenticationStrategyTest.php
@@ -47,7 +47,7 @@ public function testUnsupportedStrategy()
     public function testSessionIsMigrated()
     {
         $session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');
-        $session->expects($this->once())->method('migrate');
+        $session->expects($this->once())->method('migrate')->with($this->equalTo(true));
 
         $strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);
         $strategy->onAuthentication($this->getRequest($session), $this->getToken());

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ public function testUnsupportedStrategy()`
65B6 `47`	`47`	`public function testSessionIsMigrated()`
`48`	`48`	`{`
`49`	`49`	`$session = $this->getMock('Symfony\Component\HttpFoundation\Session\SessionInterface');`
`50`		`- $session->expects($this->once())->method('migrate');`
	`50`	`+ $session->expects($this->once())->method('migrate')->with($this->equalTo(true));`
`51`	`51`
`52`	`52`	`$strategy = new SessionAuthenticationStrategy(SessionAuthenticationStrategy::MIGRATE);`
`53`	`53`	`$strategy->onAuthentication($this->getRequest($session), $this->getToken());`