Don't call session_start() after ini_set()

Icinga · Jan 24, 2018 · 055dca6 · 055dca6
1 parent 2d5140a
commit 055dca6
Show file tree

Hide file tree

Showing 4 changed files with 138 additions and 2 deletions.
diff --git a/library/Icinga/Web/Session.php b/library/Icinga/Web/Session.php
@@ -29,7 +29,7 @@ class Session
     public static function create(BaseSession $session = null)
     {
         if ($session === null) {
-            self::$session = new PhpSession();
+            self::$session = PhpSession::create();
         } else {
             self::$session = $session;
         }

diff --git a/library/Icinga/Web/Session/Php72Session.php b/library/Icinga/Web/Session/Php72Session.php
@@ -0,0 +1,121 @@
+<?php
+/* Icinga Web 2 | (c) 2017 Icinga Development Team | GPLv2+ */
+
+namespace Icinga\Web\Session;
+
+use Icinga\Application\Logger;
+use Icinga\Exception\ConfigurationError;
+use Icinga\Web\Cookie;
+
+/**
+ * Session implementation in PHP
+ */
+class Php72Session extends PhpSession
+{
+    /**
+     * Open a PHP session
+     */
+    protected function open()
+    {
+        session_name($this->sessionName);
+
+        $cookie = new Cookie('bogus');
+        session_set_cookie_params(
+            0,
+            $cookie->getPath(),
+            $cookie->getDomain(),
+            $cookie->isSecure(),
+            true
+        );
+
+        session_start(array(
+            'use_cookies'       => true,
+            'use_only_cookies'  => true,
+            'use_trans_sid'     => false
+        ));
+    }
+
+    /**
+     * Read all values written to the underling session and make them accessible.
+     */
+    public function read()
+    {
+        $this->clear();
+        $this->open();
+
+        foreach ($_SESSION as $key => $value) {
+            if (strpos($key, self::NAMESPACE_PREFIX) === 0) {
+                $namespace = new SessionNamespace();
+                $namespace->setAll($value);
+                $this->namespaces[substr($key, strlen(self::NAMESPACE_PREFIX))] = $namespace;
+            } else {
+                $this->set($key, $value);
+            }
+        }
+
+        session_write_close();
+    }
+
+    /**
+     * Write all values of this session object to the underlying session implementation
+     */
+    public function write()
+    {
+        $this->open();
+
+        foreach ($this->removed as $key) {
+            unset($_SESSION[$key]);
+        }
+        foreach ($this->values as $key => $value) {
+            $_SESSION[$key] = $value;
+        }
+        foreach ($this->removedNamespaces as $identifier) {
+            unset($_SESSION[self::NAMESPACE_PREFIX . $identifier]);
+        }
+        foreach ($this->namespaces as $identifier => $namespace) {
+            $_SESSION[self::NAMESPACE_PREFIX . $identifier] = $namespace->getAll();
+        }
+
+        session_write_close();
+    }
+
+    /**
+     * Delete the current session, causing all session information to be lost
+     */
+    public function purge()
+    {
+        $this->open();
+        $_SESSION = array();
+        $this->clear();
+        session_destroy();
+        $this->clearCookies();
+        session_write_close();
+    }
+
+    /**
+     * @see Session::getId()
+     */
+    public function getId()
+    {
+        if (($id = session_id()) === '') {
+            // Make sure we actually get a id
+            $this->open();
+            session_write_close();
+            $id = session_id();
+        }
+
+        return $id;
+    }
+
+    /**
+     * Assign a new sessionId to the currently active session
+     */
+    public function refreshId()
+    {
+        $this->open();
+        if ($this->exists()) {
+            session_regenerate_id();
+        }
+        session_write_close();
+    }
+}
diff --git a/library/Icinga/Web/Session/PhpSession.php b/library/Icinga/Web/Session/PhpSession.php
@@ -33,6 +33,21 @@ class PhpSession extends Session
      */
     protected $sessionName = 'Icingaweb2';
 
+    /**
+     * Create a new PHPSession object using the provided options (if any)
+     *
+     * @param   array   $options    An optional array of ini options to set
+     *
+     * @return  static
+     *
+     * @throws  ConfigurationError
+     * @see     http://php.net/manual/en/session.configuration.php
+     */
+    public static function create(array $options = null)
+    {
+        return version_compare(PHP_VERSION, '7.2.0') < 0 ? new self($options) : new Php72Session($options);
+    }
+
     /**
      * Create a new PHPSession object using the provided options (if any)
      *

diff --git a/test/php/library/Icinga/Web/Session/PhpSessionTest.php b/test/php/library/Icinga/Web/Session/PhpSessionTest.php
@@ -13,7 +13,7 @@ private function getSession()
         if (!is_writable('/tmp')) {
             $this->markTestSkipped('Could not write to session directory');
         }
-        return new PhpSession(
+        return PhpSession::create(
             array(
                 'use_cookies'   => false,
                 'save_path'     => '/tmp',