Tests for SessionManager preserveStorage flag #50
Description
This issue has been moved from the zendframework repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html
Original Issue: https://api.github.com/repos/zendframework/zendframework/issues/7129
User: @Martin-P
Created On: 2015-01-16T18:01:35Z
Updated At: 2015-03-19T20:26:23Z
Body
Zend/Session/SessionManager::start() has an optional flag $preserveStorage: Zend/Session/SessionManager line 84
If set to true, current session storage will not be overwritten by the contents of $_SESSION.
This PR tests that functionality. Not all tests pass, because the $preserveStorage flag is not working as it should.
Comment
User: @Ocramius
Created On: 2015-02-01T13:03:29Z
Updated At: 2015-02-01T13:03:29Z
Body
@Martin-P that functionality actually never worked in 2.x as far as I can see...
Comment
User: @Martin-P
Created On: 2015-02-01T20:49:04Z
Updated At: 2015-02-01T20:49:04Z
Body
That's possible, I only added the tests for what it should do. Not sure if it needs fixing if nobody uses this feature.
Comment
User: @weierophinney
Created On: 2015-03-18T16:42:09Z
Updated At: 2015-03-18T16:42:09Z
Body
@Martin-P want to take a crack at making it work? If so, I need changes by tomorrow, 19 March 2015.
Comment
User: @Martin-P
Created On: 2015-03-18T20:53:30Z
Updated At: 2015-03-18T20:53:30Z
Body
@weierophinney I do not think this can ever work. The security fix for session validators made me aware of this feature (zendframework/zendframework@ddbf43a). The preservation of $_SESSION data is part of the security fix. Making the preservation of $_SESSION data optional would compromise the security fix.
To make this work the security fix needs a change. The tests covering the security fix are present, so theoretically it should not be a problem. I don't know if you consider it an option to change the security fix?
Comment
User: @weierophinney
Created On: 2015-03-18T22:17:30Z
Updated At: 2015-03-18T22:17:30Z
Body
@Martin-P We can change the security fix so long as the tests introduced by it continue to pass.
Comment
User: @Martin-P
Created On: 2015-03-18T22:29:16Z
Updated At: 2015-03-18T22:29:16Z
Body
I can take a look at this, but I think it will be after the 2.4.0 release however.