Closed rtek closed 6 years ago
Proposed fix resulted in lots of failed tests. Reviewing the tests:
These seem like they are reversed. Wouldn't a session cookie imply existing session, so no need to Set-Cookie unless there is a regeneration?
If there isn't any data set, it doesn't need to generate a new session id or add the cookie to the response. So your test is wrong. The assert should be like this:
$this->assertEmpty($response->getHeaderLine('Set-Cookie'));
However it also fails this test:
public function testCookiesSetWithoutRegenerate(): void
{
$persistence = new PhpSessionPersistence();
$request = new ServerRequest();
$session = $persistence->initializeSessionFromRequest($request);
$session->set('foo', 'bar');
$response = new Response();
$response = $persistence->persistSession($session, $response);
$this->assertNotEmpty($response->getHeaderLine('Set-Cookie'));
}
In case you have a new session and add data to it, it should be persisted. The problem is that nowhere a check is performed for changed data. This is solved in #21:
public function persistSession(SessionInterface $session, ResponseInterface $response) : ResponseInterface
{
// Regenerate if the session is marked as regenerated
// Regenerate if there is no cookie id set but the session has changed (new session with data)
if ($session->isRegenerated()
|| ($session->hasChanged() && ! $this->cookie)) {
$this->regenerateSession();
}
// ...
}
Yes this works. I misunderstood the underlying issue.
I am unable to get the session cookie to attach to the response from an initial client request without a regeneration. I would expect the first response to contain a Set-Cookie since there is not yet a session to regenerate.