bug #25398 [HttpFoundation] don't prefix cookies with "Set-Cookie:" (pableu)

nicolas-grekas · nicolas-grekas · commit ec4a160f0ee9 · 2017-12-08T15:02:33.000+01:00
This PR was merged into the 3.4 branch. Discussion ---------- [HttpFoundation] don't prefix cookies with "Set-Cookie:" | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | ? | Fixed tickets | #25393 | License | MIT Commits ------- a4db20f [HttpFoundation] don't prefix cookies with "Set-Cookie:"
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php b/src/Symfony/Component/HttpFoundation/Session/Storage/Handler/AbstractSessionHandler.php
@@ -156,7 +156,7 @@ public function destroy($sessionId)
             if ($sessionCookieFound) {
                 header_remove('Set-Cookie');
                 foreach ($otherCookies as $h) {
-                    header('Set-Cookie:'.$h, false);
+                    header($h, false);
                 }
             } else {
                 setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.expected
@@ -0,0 +1,24 @@
+open
+validateId
+read
+doRead: abc|i:123;
+read
+updateTimestamp
+close
+open
+validateId
+read
+doRead: abc|i:123;
+read
+
+write
+destroy
+doDestroy
+close
+Array
+(
+    [0] => Content-Type: text/plain; charset=utf-8
+    [1] => Cache-Control: max-age=10800, private, must-revalidate
+    [2] => Set-Cookie: abc=def
+)
+shutdown
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.php b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/Fixtures/with_cookie_and_session.php
@@ -0,0 +1,13 @@
+<?php
+
+require __DIR__.'/common.inc';
+
+setcookie('abc', 'def');
+
+session_set_save_handler(new TestSessionHandler('abc|i:123;'), false);
+session_start();
+session_write_close();
+session_start();
+
+$_SESSION['abc'] = 234;
+unset($_SESSION['abc']);

Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ public function destroy($sessionId)`
`156`	`156`	`if ($sessionCookieFound) {`
`157`	`157`	`header_remove('Set-Cookie');`
`158`	`158`	`foreach ($otherCookies as $h) {`
`159`		`- header('Set-Cookie:'.$h, false);`
	`159`	`+ header($h, false);`
`160`	`160`	`}`
`161`	`161`	`} else {`
`162`	`162`	`setcookie($this->sessionName, '', 0, ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), ini_get('session.cookie_httponly'));`