Skip to content
This repository has been archived by the owner on Jan 31, 2020. It is now read-only.

Tests for SessionManager preserveStorage flag #50

Open
GeeH opened this issue Jun 28, 2016 · 1 comment
Open

Tests for SessionManager preserveStorage flag #50

GeeH opened this issue Jun 28, 2016 · 1 comment

Comments

@GeeH
Copy link
Contributor

GeeH commented Jun 28, 2016

This issue has been moved from the zendframework repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html

Original Issue: https://api.github.com/repos/zendframework/zendframework/issues/7129
User: @Martin-P
Created On: 2015-01-16T18:01:35Z
Updated At: 2015-03-19T20:26:23Z
Body
Zend/Session/SessionManager::start() has an optional flag $preserveStorage: Zend/Session/SessionManager line 84

If set to true, current session storage will not be overwritten by the contents of $_SESSION.

This PR tests that functionality. Not all tests pass, because the $preserveStorage flag is not working as it should.

Comment

User: @Ocramius
Created On: 2015-02-01T13:03:29Z
Updated At: 2015-02-01T13:03:29Z
Body
@Martin-P that functionality actually never worked in 2.x as far as I can see...

Comment

User: @Martin-P
Created On: 2015-02-01T20:49:04Z
Updated At: 2015-02-01T20:49:04Z
Body
That's possible, I only added the tests for what it should do. Not sure if it needs fixing if nobody uses this feature.

Comment

User: @weierophinney
Created On: 2015-03-18T16:42:09Z
Updated At: 2015-03-18T16:42:09Z
Body
@Martin-P want to take a crack at making it work? If so, I need changes by tomorrow, 19 March 2015.

Comment

User: @Martin-P
Created On: 2015-03-18T20:53:30Z
Updated At: 2015-03-18T20:53:30Z
Body
@weierophinney I do not think this can ever work. The security fix for session validators made me aware of this feature (zendframework/zendframework@ddbf43a). The preservation of $_SESSION data is part of the security fix. Making the preservation of $_SESSION data optional would compromise the security fix.

To make this work the security fix needs a change. The tests covering the security fix are present, so theoretically it should not be a problem. I don't know if you consider it an option to change the security fix?

Comment

User: @weierophinney
Created On: 2015-03-18T22:17:30Z
Updated At: 2015-03-18T22:17:30Z
Body
@Martin-P We can change the security fix so long as the tests introduced by it continue to pass.

Comment

User: @Martin-P
Created On: 2015-03-18T22:29:16Z
Updated At: 2015-03-18T22:29:16Z
Body
I can take a look at this, but I think it will be after the 2.4.0 release however.
@GeeH GeeH mentioned this issue Jun 28, 2016
Closed
@weierophinney weierophinney mentioned this issue Dec 31, 2019
Open
@weierophinney
Copy link
Member

This repository has been closed and moved to laminas/laminas-session; a new issue has been opened at laminas/laminas-session#18.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@weierophinney @GeeH