Commit e480b38

bug #57372 [HttpKernel][Security] Fix accessing session for stateless request (VincentLanglet)
This PR was squashed before being merged into the 5.4 branch.

Discussion
----------

[HttpKernel][Security] Fix accessing session for stateless request

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | Fix #...
| License       | MIT

I'm getting some `Session was used while the request was declared stateless.` warnings on my project.

When throwing an error in the `getSession` method, I found 3 places where `getSession` was used without any check about the stateless state of the request.

Commits
-------

40341a1 [HttpKernel][Security] Fix accessing session for stateless request
2 parents ec8cb3f + 40341a1 commit e480b38

4 files changed

+5
-5
lines changed

src/Symfony/Component/HttpKernel/DataCollector/RequestDataCollector.php

Lines changed: 1 addition & 1 deletion
@@ -66,7 +66,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
6666
$sessionMetadata = [];
6767
$sessionAttributes = [];
6868
$flashes = [];
69-
if ($request->hasSession()) {
69+
if (!$request->attributes->getBoolean('_stateless') && $request->hasSession()) {
7070
$session = $request->getSession();
7171
if ($session->isStarted()) {
7272
$sessionMetadata['Created'] = date(\DATE_RFC822, $session->getMetadataBag()->getCreated());
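
Review bot: the new condition on line 69 of collect() leaves $sessionMetadata, $sessionAttributes and $flashes empty for every request that has `_stateless` set, so the collected data no longer distinguishes "stateless, session skipped" from "no session at all". Consider recording the stateless flag alongside the session fields so the reason for the empty section is visible. The `'_stateless'` attribute name is also a bare string literal here and in both listener hunks; a shared constant or small helper would keep the three checks from drifting apart. No test touched by this commit exercises this branch of collect().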

src/Symfony/Component/HttpKernel/EventListener/ProfilerListener.php

Lines changed: 1 addition & 1 deletion
@@ -97,7 +97,7 @@ public function onKernelResponse(ResponseEvent $event)
9797
return;
9898
}
9999

100-
$session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
100+
$session = !$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
101101

102102
if ($session instanceof Session) {
103103
$usageIndexValue = $usageIndexReference = &$session->getUsageIndex();
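
Review bot: line 100 of onKernelResponse() is now a three-condition ternary, and the identical expression is repeated on line 98 of ContextListener::authenticate(). Suggest extracting it into a helper, or writing it as `$session = null;` followed by an explicit `if`, so the two call sites cannot diverge. Testing `_stateless` first is the right order because it short-circuits before hasPreviousSession() and hasSession() are consulted; a short comment saying the order is deliberate would stop a later cleanup from reordering it.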

src/Symfony/Component/HttpKernel/Tests/EventListener/ProfilerListenerTest.php

Lines changed: 2 additions & 2 deletions
@@ -40,8 +40,8 @@ public function testKernelTerminate()
4040
->willReturn($profile);
4141

4242
$kernel = $this->createMock(HttpKernelInterface::class);
43-
$mainRequest = $this->createMock(Request::class);
44-
$subRequest = $this->createMock(Request::class);
43+
$mainRequest = new Request();
44+
$subRequest = new Request();
4545
$response = $this->createMock(Response::class);
4646

4747
$requestStack = new RequestStack();
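
Review bot: lines 43-44 of testKernelTerminate() only swap the Request mocks for real objects, presumably so that `$request->attributes` is available to the new check, and add no case in which `_stateless` is actually set. Please add a test that calls `$mainRequest->attributes->set('_stateless', true)` on a request that has a session and a previous-session cookie, and asserts that the listener does not reach getSession(); as it stands the fix in ProfilerListener.php has no regression coverage.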

src/Symfony/Component/Security/Http/Firewall/ContextListener.php

Lines changed: 1 addition & 1 deletion
@@ -95,7 +95,7 @@ public function authenticate(RequestEvent $event)
9595
}
9696

9797
$request = $event->getRequest();
98-
$session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
98+
$session = !$request->attributes->getBoolean('_stateless') && $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
9999

100100
$request->attributes->set('_security_firewall_run', $this->sessionKey);
101101
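
Review bot: line 98 of authenticate() changes authentication behaviour, not just a warning: a request flagged `_stateless` that also carries a previous session now gets `$session = null`, so nothing stored in that session is read by this listener for that request. That is a reasonable reading of "stateless", but it should be stated in the changelog or a comment, and it needs a ContextListener test covering a stateless request with an existing session, since none of the four changed files tests this path. The expression duplicates line 100 of ProfilerListener.php; a shared helper would keep the security-relevant copy and the profiler copy in step.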
