#8543 Resolve Duplicate Headers

- Replace session name lookup with function to also check secure cookies
- Added timeout which defaults to 0 (same as PHP)
- Removed php7 style of session_start from PR
- moved session_start into headers sent block to prevent warnings.
This commit is contained in:
Simon Gow 2018-12-03 12:28:21 +13:00 committed by Serge Latyntcev
parent 4eb6669c08
commit 1edfa4d956

View File

@ -301,20 +301,15 @@ class Session
// If the session cookie is already set, then the session can be read even if headers_sent() = true // If the session cookie is already set, then the session can be read even if headers_sent() = true
// This helps with edge-case such as debugging. // This helps with edge-case such as debugging.
$data = []; $data = [];
if (!session_id() && (!headers_sent() || !empty($_COOKIE[ini_get('session.name')]))) { if (!session_id() && (!headers_sent() || $this->requestContainsSessionId($request))) {
if (!headers_sent()) { if (!headers_sent()) {
session_set_cookie_params($timeout, $path, $domain ?: null, $secure, true); session_set_cookie_params($timeout ?: 0, $path, $domain ?: null, $secure, true);
$limiter = $this->config()->get('sessionCacheLimiter'); $limiter = $this->config()->get('sessionCacheLimiter');
if (isset($limiter)) { if (isset($limiter)) {
session_cache_limiter($limiter); session_cache_limiter($limiter);
} }
// If headers are sent then we can't have a session_cache_limiter otherwise we'll get a warning
} else {
session_cache_limiter(null);
}
// Allow storing the session in a non standard location // Allow storing the session in a non standard location
if ($session_path) { if ($session_path) {
session_save_path($session_path); session_save_path($session_path);
@ -328,15 +323,12 @@ class Session
session_name($this->config()->get('cookie_name_secure')); session_name($this->config()->get('cookie_name_secure'));
} }
$sessionParameters = [ session_start();
"cookie_path" => $path,
"cookie_domain" => $domain ?: "",
"cookie_lifetime" => $timeout ?: 0,
"cookie_secure" => $secure,
"cookie_httponly" => true
];
session_start($sessionParameters); } else {
// If headers are sent then we can't have a session_cache_limiter otherwise we'll get a warning
session_cache_limiter(null);
}
if (isset($_SESSION)) { if (isset($_SESSION)) {
// Initialise data from session store if present // Initialise data from session store if present