From 7474a6799b44e4988b6a7a4adcc2901ec0b993b4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 31 Oct 2014 23:35:32 +0200 Subject: #3073 (feature/session): Fix session_regenerate_id() issues --- .../Session/drivers/Session_redis_driver.php | 32 ++++++++++++++++------ 1 file changed, 24 insertions(+), 8 deletions(-) (limited to 'system/libraries/Session/drivers/Session_redis_driver.php') diff --git a/system/libraries/Session/drivers/Session_redis_driver.php b/system/libraries/Session/drivers/Session_redis_driver.php index ef18defe2..bc6150d2d 100644 --- a/system/libraries/Session/drivers/Session_redis_driver.php +++ b/system/libraries/Session/drivers/Session_redis_driver.php @@ -135,6 +135,9 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle { if (isset($this->_redis) && $this->_get_lock($session_id)) { + // Needed by write() to detect session_regenerate_id() calls + $this->_session_id = $session_id; + $session_data = (string) $this->_redis->get($this->_key_prefix.$session_id); $this->_fingerprint = md5($session_data); return $session_data; @@ -145,7 +148,23 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle public function write($session_id, $session_data) { - if (isset($this->_redis, $this->_lock_key)) + if ( ! isset($this->_redis)) + { + return FALSE; + } + // Was the ID regenerated? + elseif ($session_id !== $this->_session_id) + { + if ( ! $this->_release_lock() OR ! $this->_get_lock($session_id)) + { + return FALSE; + } + + $this->_fingerprint = md5(''); + $this->_session_id = $session_id; + } + + if (isset($this->_lock_key)) { $this->_redis->setTimeout($this->_lock_key, 5); if ($this->_fingerprint !== ($fingerprint = md5($session_data))) @@ -190,7 +209,7 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle return TRUE; } - return FALSE; + return TRUE; } // ------------------------------------------------------------------------ @@ -204,20 +223,17 @@ class CI_Session_redis_driver extends CI_Session_driver implements SessionHandle log_message('debug', 'Session: Redis::delete() expected to return 1, got '.var_export($result, TRUE).' instead.'); } - return ($this->_cookie_destroy() && $this->close()); + return $this->_cookie_destroy(); } - return $this->close(); + return FALSE; } // ------------------------------------------------------------------------ public function gc($maxlifetime) { - // TODO: keys()/getKeys() is said to be performance-intensive, - // although it supports patterns (*, [charlist] at the very least). - // scan() seems to be recommended, but requires redis 2.8 - // Not sure if we need any of these though, as we set keys with expire times + // Not necessary, Redis takes care of that. return TRUE; } -- cgit v1.2.3-24-g4f1b