Closed bigpresh closed 5 years ago
Right, the fix in this PR definitely works for us, but the tests I added pass with or without the fix.
It turns out, after much, much digging (thanks @skington for the help, too) that the problem only manifests if you use send_file
and then try to access the session in an after handler (e.g. in some logging code which wants to log what happened and the user ID from the session).
So, I should be able to add a test which uses send_file
, and see it fail without the fix and pass with the fix, and then I can be happy.
Previously, every time we try to read from a session,
write_session_id
would generate a new session cookie to add to the response (overwriting the previously-generated one each time) - this is a bit silly and wasteful, but more importantly, causesToo late to set another cookie, headers already built
errors if you try to access a session var from e.g. anafter
hook.So, check if we have already added the appropriate session cookie to the response object, and if so, all is fine, do nothing.