
Changeset 10590

Timestamp:
08/01/08 18:01:23 (6 years ago)
Author:
nicolas
Message:

[1.2] backport of r10589 - fixed old session not destroyed when changing authentication state (refs #3927)

Files:

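--- a/branches/1.2/lib/storage/sfDatabaseSessionStorage.class.php
+++ b/branches/1.2/lib/storage/sfDatabaseSessionStorage.class.php
@@ -177,18 +177,8 @@
 
     $newId = session_id();
+    $this->sessionRead($newId);
 
-    $this->updateSessionId($currentId, $newId);
+    return $this->sessionWrite($newId, $this->sessionRead($currentId));
   }
-
-  /**
-   * Updates the session id.
-   *
-   * @param  string   $currentId The current session id
-   * @param  string   $newId     The new current id
-   * 
-   * @return Boolean  True if the session id was successfully regenerated
-   * @throws sfDatabaseException if an error occured while regenrating the session id
-   */
-  abstract protected function updateSessionId($currentId, $newId);
 
   /**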
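Review bot: Nothing in the visible lines of regenerate() removes the row for `$currentId`: the new `return $this->sessionWrite($newId, $this->sessionRead($currentId));` copies the data to the new id, where the removed `updateSessionId()` call renamed the row in place. Whether the old id stops being accepted therefore depends on the part of the method above the hunk (presumably the `$destroy` flag reaching the destroy handler), and the updated tests call `regenerate(false)` and expect the old record to remain. A comment on the return line should state this, e.g. `// copies the data to $newId; the $currentId row is only removed when the caller asked for destroy`. The bare `$this->sessionRead($newId);` discards its return value and should carry `// called for its side effect (presumably creates the row for $newId)`. The method starts outside the hunk, so the destroy path could not be checked here.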
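--- a/branches/1.2/lib/storage/sfMySQLSessionStorage.class.php
+++ b/branches/1.2/lib/storage/sfMySQLSessionStorage.class.php
@@ -162,35 +162,4 @@
 
   /**
-   * Updates the session id.
-   *
-   * @param  string   $currentId The current session id
-   * @param  string   $newId     The new current id
-   * 
-   * @return Boolean  True if the session id was successfully regenerated
-   * @throws sfDatabaseException if an error occured while regenrating the session id
-   */
-  protected function updateSessionId($currentId, $newId)
-  {
-    // get table/column
-    $db_table    = $this->options['db_table'];
-    $db_id_col   = $this->options['db_id_col'];
-
-    // cleanup the session ids, just in case
-    $newId     = $this->db_escape($newId);
-    $currentId = $this->db_escape($currentId);
-
-    // update the session id
-    $sql = "UPDATE $db_table SET $db_id_col='$newId' WHERE $db_id_col='$currentId'";
-
-    if ($this->db_query($sql))
-    {
-      return true;
-    }
-
-    // failed to write session data
-    throw new sfDatabaseException(sprintf('%s cannot update session id from "%s" to "%s" (%s).', get_class($this), $currentId, $newId, mysql_error()));
-  }
-
-  /**
    * Executes an SQL Query
    *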
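--- a/branches/1.2/lib/storage/sfPDOSessionStorage.class.php
+++ b/branches/1.2/lib/storage/sfPDOSessionStorage.class.php
@@ -169,36 +169,3 @@
     return true;
   }
-
-  /**
-   * Updates the session id.
-   *
-   * @param  string   $currentId The current session id
-   * @param  string   $newId     The new current id
-   * 
-   * @return Boolean  True if the session id was successfully regenerated
-   * @throws sfDatabaseException if an error occured while regenrating the session id
-   */
-  protected function updateSessionId($currentId, $newId)
-  {
-    // get table/column
-    $db_table    = $this->options['db_table'];
-    $db_id_col   = $this->options['db_id_col'];
-
-    // update the session id
-    $sql = "UPDATE $db_table SET $db_id_col=? WHERE $db_id_col=?";
-
-    try
-    {
-      $stmt = $this->db->prepare($sql);
-      $stmt->bindParam(1, $newId, PDO::PARAM_STR);
-      $stmt->bindParam(2, $currentId, PDO::PARAM_STR);
-      $stmt->execute();
-    }
-    catch (PDOException $e)
-    {
-      throw new sfDatabaseException(sprintf('PDOException was thrown when trying to manipulate session data. Message: %s', $e->getMessage()));
-    }
-
-    return true;
-  }
 }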
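--- a/branches/1.2/lib/storage/sfPostgreSQLSessionStorage.class.php
+++ b/branches/1.2/lib/storage/sfPostgreSQLSessionStorage.class.php
@@ -159,34 +159,3 @@
     throw new sfDatabaseException(sprintf('sfPostgreSQLSessionStorage cannot write session data for id "%s".', $id));
   }
-
-  /**
-   * Updates the session id.
-   *
-   * @param  string   $currentId The current session id
-   * @param  string   $newId     The new current id
-   * 
-   * @return Boolean  True if the session id was successfully regenerated
-   * @throws sfDatabaseException if an error occured while regenrating the session id
-   */
-  protected function updateSessionId($currentId, $newId)
-  {
-    // get table/column
-    $db_table    = $this->options['db_table'];
-    $db_id_col   = $this->options['db_id_col'];
-
-    // cleanup the session id and data, just in case
-    $currentId = addslashes($currentId);
-    $newId     = addslashes($newId);
-
-    // update the session id
-    $sql = "UPDATE $db_table SET $db_id_col=? WHERE $db_id_col=?";
-
-    if (@pg_query($this->db, $sql))
-    {
-      return true;
-    }
-
-    // failed to write session data
-    throw new sfDatabaseException(sprintf('% cannot update session id from "%s" to "%s".', get_class($this), $currentId, $newId));
-  }
 }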
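--- a/branches/1.2/test/unit/storage/sfMySQLStorageTest.php
+++ b/branches/1.2/test/unit/storage/sfMySQLStorageTest.php
@@ -13,5 +13,5 @@
 
 ob_start();
-$plan = 12
+$plan = 16
 $t = new lime_test($plan, new lime_output_color());
 
@@ -72,16 +72,25 @@
 
 // regenerate()
+$oldSessionData = 'foo:bar';
+$storage->sessionWrite($session_id, $oldSessionData);
 $storage->regenerate(false);
-$t->isnt(session_id(), $session_id, 'regenerate() regenerated the session id');
+
+$newSessionData = 'foo:bar:baz';
+$storage->sessionWrite(session_id(), $newSessionData);
+$t->isnt(session_id(), $session_id, 'regenerate() regenerated the session with a different session id');
+
+// checking if the old session record still exists
+$result = mysql_query(sprintf('SELECT sess_data FROM session WHERE sess_id = "%s"', $session_id), $connection);
+$t->is(mysql_num_rows($result), 1, 'regenerate() has kept destroyed old session');
+$rSessionData = list($thisSessData) = mysql_fetch_row($result);
+$t->is($rSessionData[0], $oldSessionData, 'regenerate() has kept destroyed old session data');
+
+// checking if the new session record has been created
+$result = mysql_query(sprintf('SELECT sess_data FROM session WHERE sess_id = "%s"', session_id()), $connection);
+$t->is(mysql_num_rows($result), 1, 'regenerate() has created a new session record');
+$rSessionData = list($thisSessData) = mysql_fetch_row($result);
+$t->is($rSessionData[0], $newSessionData, 'regenerate() has created a new record with correct data');
+
 $session_id = session_id();
-
-// do some session operations
-$_SESSION['foo'] = 'bar';
-$_SESSION['bar'] = 'foo';
-unset($_SESSION['foo']);
-$session_data = session_encode();
-
-// end of session
-session_write_close();
 
 // check session data in the database
@@ -89,5 +98,5 @@
 list($thisSessData) = mysql_fetch_row($result);
 $t->is(mysql_num_rows($result), 1, 'session is stored in the database');
-$t->is($thisSessData, $session_data, 'session variables are stored in the database');
+$t->is($thisSessData, $newSessionData, 'session variables are stored in the database');
 
 mysql_free_result($result);
@@ -104,12 +113,11 @@
   $t->fail('sessionRead() does not throw an exception');
 }
-$t->is($retrieved_data, $session_data, 'sessionRead() reads session data');
+$t->is($retrieved_data, $newSessionData, 'sessionRead() reads session data');
 
 // sessionWrite()
-$_SESSION['baz'] = 'woo';
-$session_data = session_encode();
+$otherSessionData = 'foo:foo:foo';
 try
 {
-  $write = $storage->sessionWrite($session_id, $session_data);
+  $write = $storage->sessionWrite($session_id, $otherSessionData);
   $t->pass('sessionWrite() does not throw an exception');
 }
@@ -120,5 +128,5 @@
 
 $t->ok($write, 'sessionWrite() returns true');
-$t->is($storage->sessionRead($session_id), $session_data, 'sessionWrite() wrote session data');
+$t->is($storage->sessionRead($session_id), $otherSessionData, 'sessionWrite() wrote session data');
 
 // sessionDestroy()
@@ -140,12 +148,2 @@
 mysql_free_result($result);
 unset($count, $result);
-
-mysql_query('DROP DATABASE sf_mysql_storage_unit_test', $connection);
-
-// shutdown the storage
-$storage->shutdown();
-
-// shutdown the database
-$database->shutdown();
-
-unset($mysql_config);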
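Review bot: The regenerate() block (new lines 74–93) only exercises `regenerate(false)` and asserts that the old row is still present, so the behaviour named in the commit message, the old session being destroyed, has no coverage. A second case that calls `$storage->regenerate(true)` and then checks `$t->is(mysql_num_rows($result), 0, 'regenerate(true) removes the old session record');` for the previous id would pin it, with `$plan` raised to match. The message 'regenerate() has kept destroyed old session' also contradicts itself and would read better as `'regenerate(false) keeps the old session record'`. The same gap is visible in the regenerate() block of sfPDOSessionStorageTest.php.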
  • branches/1.2/test/unit/storage/sfPDOSessionStorageTest.php

    r10577 r10590  
    1212 
    1313ob_start(); 
    14 $t = new lime_test(13, new lime_output_color()); 
     14$t = new lime_test(15, new lime_output_color()); 
    1515 
    1616if (!extension_loaded('SQLite')) 
     
    3333 
    3434// regenerate() 
     35$oldSessionData = 'foo:bar'; 
     36$storage->sessionWrite($session_id, $oldSessionData); 
    3537$storage->regenerate(false); 
    36 $t->isnt(session_id(), $session_id, 'regenerate() regenerated the session id'); 
    37 $session_id = session_id(); 
    3838 
    39 // do some session operations 
    40 $_SESSION['foo'] = 'bar'; 
    41 $_SESSION['bar'] = 'foo'; 
    42 unset($_SESSION['foo']); 
    43 $session_data = session_encode(); 
     39$newSessionData = 'foo:bar:baz'; 
     40$storage->sessionWrite(session_id(), $newSessionData); 
     41$t->isnt(session_id(), $session_id, 'regenerate() regenerated the session with a different session id'); 
    4442 
    45 // end of session 
    46 session_write_close(); 
    47  
    48 // check session data in the database 
     43// checking if the old session record still exists 
    4944$result = $connection->query(sprintf('SELECT sess_id, sess_data FROM session WHERE sess_id = "%s"', $session_id)); 
    5045$data = $result->fetchAll(); 
    51 $t->is(count($data), 1, 'session is stored in the database'); 
    52 $t->is($data[0]['sess_data'], $session_data, 'session variables are stored in the database'); 
     46$t->is(count($data), 1, 'regenerate() has kept destroyed old session'); 
     47$t->is($data[0]['sess_data'], $oldSessionData, 'regenerate() has kept destroyed old session data'); 
     48 
     49// checking if the new session record has been created 
     50$result = $connection->query(sprintf('SELECT sess_id, sess_data FROM session WHERE sess_id = "%s"', session_id())); 
     51$data = $result->fetchAll(); 
     52$t->is(count($data), 1, 'regenerate() has created a new session record'); 
     53$t->is($data[0]['sess_data'], $newSessionData, 'regenerate() has created a new record with correct data'); 
     54 
     55$session_id = session_id(); 
    5356 
    5457// sessionRead() 
     
    6265  $t->fail('sessionRead() does not throw an exception'); 
    6366} 
    64 $t->is($retrieved_data, $session_data, 'sessionRead() reads session data'); 
     67$t->is($retrieved_data, $newSessionData, 'sessionRead() reads session data'); 
    6568 
    6669// sessionWrite() 
    67 $_SESSION['baz'] = 'woo'; 
    68 $session_data = session_encode(); 
     70$otherSessionData = 'foo:foo:foo'; 
    6971try 
    7072{ 
    71   $write = $storage->sessionWrite($session_id, $session_data); 
     73  $write = $storage->sessionWrite($session_id, $otherSessionData); 
    7274  $t->pass('sessionWrite() does not throw an exception'); 
    7375} 
     
    7880 
    7981$t->ok($write, 'sessionWrite() returns true'); 
    80 $t->is($storage->sessionRead($session_id), $session_data, 'sessionWrite() wrote session data'); 
     82$t->is($storage->sessionRead($session_id), $otherSessionData, 'sessionWrite() wrote session data'); 
    8183 
    8284// sessionGC()