Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#19891] - [4.0] Session fix

? ? Pending

User tests: Successful: Unsuccessful:

avatar isacandrei
isacandrei
12 Mar 2018

Pull Request for Issue #19769 .

Summary of Changes

A new session needs to be generated even when the last one is expired. This fix solves the problem, but I there may be a better way to do it, by changing the flow entirely when the session is expired.

The basic issue was that after a refresh of Joomla with an expired session, a new one is not generated at first, but only after the user tries to login once.

Testing Instructions

Change this line for faster expiration time.

$this->expire = 10;

Result

The login process works flawlessly after the session is expired.

avatar isacandrei isacandrei - open - 12 Mar 2018
avatar isacandrei isacandrei - change - 12 Mar 2018
Status New Pending
avatar joomla-cms-bot joomla-cms-bot - change - 12 Mar 2018
Category External Library Libraries Composer Change
avatar joomla-cms-bot joomla-cms-bot - edited - 12 Mar 2018
avatar franz-wohlkoenig franz-wohlkoenig - change - 12 Mar 2018
Title
4.0 dev
[4.0] Session fix
Build 4.0-dev 4.0
avatar franz-wohlkoenig
franz-wohlkoenig - comment - 12 Mar 2018

changed Title so its clear what this PR is about.

This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/19891.

avatar wilsonge
wilsonge - comment - 12 Mar 2018

I'm not going to instantly close this so people can test this with patchtester. But as a general rule @isacandrei anything in libraries vendor is 3rd party code (in this case it's our own framework that lives here https://github.com/joomla-framework/session/tree/2.0-dev ) - otherwise next time we run composer install or composer update the changes will get lost

avatar isacandrei
isacandrei - comment - 12 Mar 2018

@wilsonge, shall I make the PR in the library repo?

avatar zero-24
zero-24 - comment - 12 Mar 2018

@wilsonge, shall I make the PR in the library repo?

yes please and link this issue with this one ?

avatar mbabker
mbabker - comment - 12 Mar 2018

The odds of actually recreating this one in the CMS because sessions are started so early are probably slim-to-none, but as proposed this PR will cause PHP warnings to emit.

As noted in joomla-framework/session#37 I committed joomla-framework/session@63f0bba which I believe should fix this issue while avoiding the potential PHP warning.

avatar isacandrei
isacandrei - comment - 13 Mar 2018

I have tested with the new code, but the issue is not resolved. I shall investigate furthermore why the new session is not created upon refreshing a page with an expired one. Ideally, upon refresh, the warning stating that the session has expired should be shown immediately, not after a login attempt.

avatar isacandrei isacandrei - change - 21 Jun 2018
Status Pending Closed
Closed_Date 0000-00-00 00:00:00 2018-06-21 16:26:51
Closed_By isacandrei
Labels Added: ? ?
avatar isacandrei isacandrei - change - 21 Jun 2018
Status Closed Pending
avatar isacandrei isacandrei - close - 21 Jun 2018
avatar isacandrei isacandrei - close - 21 Jun 2018

Add a Comment

Login with GitHub to post a comment