Merge pull request #8736 from caffeineinc/bugfix/4.3-session-timeout-regression

Existing sessions need to set a new cookie on each request, if the
This commit is contained in:
Serge Latyntsev 2019-01-18 10:30:42 +13:00 committed by GitHub
commit 4aaa419360
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -324,6 +324,12 @@ class Session
}
session_start();
// Session start emits a cookie, but only if there's no existing session. If there is a session timeout
// tied to this request, make sure the session is held for the entire timeout by refreshing the cookie age.
if ($timeout && $this->requestContainsSessionId($request)) {
Cookie::set(session_name(), session_id(), $timeout / 86400, $path, $domain ?: null, $secure, true);
}
} else {
// If headers are sent then we can't have a session_cache_limiter otherwise we'll get a warning
session_cache_limiter(null);