T14688 session key unique

CHANGELOG-4.0.md

@@ -4,13 +4,15 @@
 ## Changed
 - Changed the logic when logging times for `Phalcon\Logger` to use `DateTimeImmutable` so as to handle microseconds if necessary. [#2893](https://github.com/phalcon/cphalcon/issues/2893)
 - Changed `Phalcon\Http\Cookie::send` and `Phalcon\Http\Cookie::delete` to allow for `samesite` to be passed in the `options` when using PHP > 7.3 [#14627](https://github.com/phalcon/cphalcon/issues/14627)
+
 ## Fixed
 - Fixed `Phalcon\Mvc\Model\Criteria` Di isn't set when using `Criteria::fromInput()` [#14538](https://github.com/phalcon/cphalcon/issues/14639)
 - Fixed `Phalcon\Db\Dialect\Mysql` removing unnecessary parentheses for `double` and `float` [#14645](https://github.com/phalcon/cphalcon/pull/14645) [@pfz](https://github.com/pfz)
 - Fixed `Phalcon\Http\Cookie::delete` to parse the correct parameters - cannot use alternative syntax until PHP 7.3 [#14643](https://github.com/phalcon/cphalcon/issues/14643)
 - Fixed `Phalcon\Mvc\Model::__isset` to take into account non visible properties by checking the getter if it exists [#13518](https://github.com/phalcon/cphalcon/issues/13518) [#13900](https://github.com/phalcon/cphalcon/issues/13900)
 - Fixed `Phalcon\Mvc\Model::__set` to return a more informative message if we are tying to access a non visible property [#13518](https://github.com/phalcon/cphalcon/issues/13518) [#13900](https://github.com/phalcon/cphalcon/issues/13900)
 - Fixed `Phalcon\Mvc\Model\Resultset\Simple::toArray` to correctly process virtual fields [#14669](https://github.com/phalcon/cphalcon/issues/14669)
+- Fixed `Phalcon\Session\Manager::getUniqueKey` to prefix the key only if `uniqueId` is present [#14688](https://github.com/phalcon/cphalcon/issues/14688)
 
 # [4.0.0](https://github.com/phalcon/cphalcon/releases/tag/v4.0.0) (2019-12-21)
 

phalcon/Session/Manager.zep

@@ -359,6 +359,14 @@ class Manager extends AbstractInjectionAware implements ManagerInterface
      */
     private function getUniqueKey(string key) -> string
     {
-        return this->uniqueId . "#" . key;
+        var uniqueId;
+
+        let uniqueId = this->uniqueId;
+
+		if !empty uniqueId {
+			return this->uniqueId . "#" . key;
+		} else {
+			return key;
+		}
     }
 }

tests/integration/Session/Manager/ExistsDestroyCest.php

@@ -32,6 +32,9 @@ class ExistsDestroyCest
     public function sessionManagerExistsDestroy(IntegrationTester $I)
     {
         $I->wantToTest('Session\Manager - exists()/destroy()');
+        $store = $_SESSION ?? [];
+        $_SESSION = [];
+
         $manager = new Manager();
         $files   = $this->getSessionStream();
         $manager->setAdapter($files);
@@ -46,6 +49,8 @@ public function sessionManagerExistsDestroy(IntegrationTester $I)
 
         $actual = $manager->exists();
         $I->assertFalse($actual);
+
+        $_SESSION = $store;
     }
 
     /**
@@ -60,6 +65,9 @@ public function sessionManagerExistsDestroy(IntegrationTester $I)
     public function sessionManagerDestroySuperGlobal(IntegrationTester $I)
     {
         $I->wantToTest('Session\Manager - destroy() - clean $_SESSION');
+        $store = $_SESSION ?? [];
+        $_SESSION = [];
+
         $manager = new Manager();
         $files   = $this->getSessionStream();
         $manager->setAdapter($files);
@@ -71,13 +79,57 @@ public function sessionManagerDestroySuperGlobal(IntegrationTester $I)
         $I->assertTrue($actual);
 
         $manager->set('test1', __METHOD__);
-        $I->assertArrayHasKey('#test1', $_SESSION);
-        $I->assertContains(__METHOD__, $_SESSION['#test1']);
+        $I->assertArrayHasKey('test1', $_SESSION);
+        $I->assertContains(__METHOD__, $_SESSION['test1']);
 
         $manager->destroy();
-        $I->assertArrayNotHasKey('#test1', $_SESSION);
+        $I->assertArrayNotHasKey('test1', $_SESSION);
 
         $actual = $manager->exists();
         $I->assertFalse($actual);
+
+        $_SESSION = $store;
+    }
+
+    /**
+     * Tests Phalcon\Session\Manager :: destroy() - clean $_SESSION with uniquid
+     *
+     * @author Phalcon Team <[email protected]>
+     * @since  2020-01-06
+     */
+    public function sessionManagerDestroySuperGlobalUniquid(IntegrationTester $I)
+    {
+        $I->wantToTest('Session\Manager - destroy() - clean $_SESSION with uniquid');
+
+        $store = $_SESSION ?? [];
+        $_SESSION = [];
+
+        $manager = new Manager();
+        $files   = $this->getSessionStream();
+        $manager->setAdapter($files);
+        $manager->setOptions(
+            [
+                'uniqueId' => 'aaa'
+            ]
+        );
+
+        $actual = $manager->start();
+        $I->assertTrue($actual);
+
+        $actual = $manager->exists();
+        $I->assertTrue($actual);
+
+        $manager->set('test1', __METHOD__);
+
+        $I->assertArrayHasKey('aaa#test1', $_SESSION);
+        $I->assertContains(__METHOD__, $_SESSION['aaa#test1']);
+
+        $manager->destroy();
+        $I->assertArrayNotHasKey('aaa#test1', $_SESSION);
+
+        $actual = $manager->exists();
+        $I->assertFalse($actual);
+
+        $_SESSION = $store;
     }
 }