Closed weierophinney closed 4 years ago
@michalbundyra I've added unit test for test old session destroyed first on regenerate session id on persist session.
Originally posted by @samsonasik at https://github.com/zendframework/zend-expressive-session-ext/pull/47#issuecomment-569059652
hm..., the test is working locally, while in travis, it still failure, I even use @runInSeparateProcess
Originally posted by @samsonasik at https://github.com/zendframework/zend-expressive-session-ext/pull/47#issuecomment-569061180
@michalbundyra travis green now with use custom session path in unit test, please check it.
Originally posted by @samsonasik at https://github.com/zendframework/zend-expressive-session-ext/pull/47#issuecomment-569062708
@samsonasik Fixed in 1.7.1.
There is a use case when session already started before, and already set some value, eg: on csrf session data on a login form. When authenticate, it call the session regenerate, which session id changed, but left the old session not persisted (unset not applied as session id changed), so old session with the value remain in the disk.
To avoid it, I think we can apply
session_destroy()
beforesession_write_close()
whenever session is active.Originally posted by @samsonasik at https://github.com/zendframework/zend-expressive-session-ext/pull/47