Fix session's moving from Joomla 3 to Joomla 4

administrator/components/com_admin/script.php

@@ -102,10 +102,6 @@ public function update($installer)
 		$this->clearStatsCache();
 		$this->convertTablesToUtf8mb4(true);
 		$this->cleanJoomlaCache();
-
-		// VERY IMPORTANT! THIS METHOD SHOULD BE CALLED LAST, SINCE IT COULD
-		// LOGOUT ALL THE USERS
-		$this->flushSessions();
 	}
 
 	/**
@@ -6309,66 +6305,6 @@ public function updateAssets($installer)
 		return true;
 	}
 
-	/**
-	 * If we migrated the session from the previous system, flush all the active sessions.
-	 * Otherwise users will be logged in, but not able to do anything since they don't have
-	 * a valid session
-	 *
-	 * @return  boolean
-	 */
-	public function flushSessions()
-	{
-		/**
-		 * The session may have not been started yet (e.g. CLI-based Joomla! update scripts). Let's make sure we do
-		 * have a valid session.
-		 */
-		$session = Factory::getSession();
-
-		/**
-		 * Restarting the Session require a new login for the current user so lets check if we have an active session
-		 * and only restart it if not.
-		 * For B/C reasons we need to use getState as isActive is not available in 2.5
-		 */
-		if ($session->getState() !== 'active')
-		{
-			$session->restart();
-		}
-
-		// If $_SESSION['__default'] is no longer set we do not have a migrated session, therefore we can quit.
-		if (!isset($_SESSION['__default']))
-		{
-			return true;
-		}
-
-		$db = Factory::getDbo();
-
-		try
-		{
-			switch ($db->getServerType())
-			{
-				// MySQL database, use TRUNCATE (faster, more resilient)
-				case 'mysql':
-					$db->truncateTable('#__session');
-					break;
-
-				// Non-MySQL databases, use a simple DELETE FROM query
-				default:
-					$query = $db->getQuery(true)
-						->delete($db->quoteName('#__session'));
-					$db->setQuery($query)->execute();
-					break;
-			}
-		}
-		catch (Exception $e)
-		{
-			echo Text::sprintf('JLIB_DATABASE_ERROR_FUNCTION_FAILED', $e->getCode(), $e->getMessage()) . '<br>';
-
-			return false;
-		}
-
-		return true;
-	}
-
 	/**
 	 * Converts the site's database tables to support UTF-8 Multibyte.
 	 *

libraries/src/Session/Session.php

@@ -24,6 +24,27 @@
  */
 class Session extends BaseSession
 {
+	/**
+	 * Constructor
+	 *
+	 * @param   StorageInterface     $store       A StorageInterface implementation.
+	 * @param   DispatcherInterface  $dispatcher  DispatcherInterface for the session to use.
+	 * @param   array                $options     Optional parameters. Supported keys include:
+	 *                                            - name: The session name
+	 *                                            - id: The session ID
+	 *                                            - expire: The session lifetime in seconds
+	 *
+	 * @since   1.0
+	 */
+	public function __construct(StorageInterface $store = null, DispatcherInterface $dispatcher = null, array $options = [])
+	{
+		// Extra hash the name of the session for b/c with Joomla 3.x or the session is never found.
+		if (isset($options['name']))
+		{
+			$options['name'] = md5($options['name']);
+		}
+	}
+
 	/**
 	 * Checks for a form token in the request.
 	 *
@@ -169,11 +190,24 @@ public function get($name, $default = null)
 					'deprecated'
 				);
 
-				$name = $args[2] . '.' . $name;
+				$name = '__' . $args[2] . '.' . $name;
 			}
 		}
 
-		return parent::get($name, $default);
+		// More b/c for retrieving sessions that originated in Joomla 3. This will be removed in Joomla 5
+		// as no sessions should have this format anymore!
+		if ($this->has($name))
+		{
+			return parent::get($name, $default);
+		}
+		elseif ($this->has('__default.' . $name))
+		{
+			return parent::get('__default.' . $name, $default);
+		}
+		else
+		{
+			return $default;
+		}
 	}
 
 	/**