You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 31, 2020. It is now read-only.
If set to true, current session storage will not be overwritten by the contents of $_SESSION.
This PR tests that functionality. Not all tests pass, because the $preserveStorage flag is not working as it should.
Comment
User: @Ocramius
Created On: 2015-02-01T13:03:29Z
Updated At: 2015-02-01T13:03:29Z
Body @Martin-P that functionality actually never worked in 2.x as far as I can see...
Comment
User: @Martin-P
Created On: 2015-02-01T20:49:04Z
Updated At: 2015-02-01T20:49:04Z
Body
That's possible, I only added the tests for what it should do. Not sure if it needs fixing if nobody uses this feature.
Comment
User: @weierophinney
Created On: 2015-03-18T16:42:09Z
Updated At: 2015-03-18T16:42:09Z
Body @Martin-P want to take a crack at making it work? If so, I need changes by tomorrow, 19 March 2015.
Comment
User: @Martin-P
Created On: 2015-03-18T20:53:30Z
Updated At: 2015-03-18T20:53:30Z
Body @weierophinney I do not think this can ever work. The security fix for session validators made me aware of this feature (zendframework/zendframework@ddbf43a). The preservation of $_SESSION data is part of the security fix. Making the preservation of $_SESSION data optional would compromise the security fix.
To make this work the security fix needs a change. The tests covering the security fix are present, so theoretically it should not be a problem. I don't know if you consider it an option to change the security fix?
Comment
User: @weierophinney
Created On: 2015-03-18T22:17:30Z
Updated At: 2015-03-18T22:17:30Z
Body @Martin-P We can change the security fix so long as the tests introduced by it continue to pass.
Comment
User: @Martin-P
Created On: 2015-03-18T22:29:16Z
Updated At: 2015-03-18T22:29:16Z
Body
I can take a look at this, but I think it will be after the 2.4.0 release however.
The text was updated successfully, but these errors were encountered:
This issue has been moved from the
zendframework
repository as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.htmlOriginal Issue: https://api.github.com/repos/zendframework/zendframework/issues/7129
User: @Martin-P
Created On: 2015-01-16T18:01:35Z
Updated At: 2015-03-19T20:26:23Z
Body
Zend/Session/SessionManager::start()
has an optional flag$preserveStorage
:Zend/Session/SessionManager
line 84This PR tests that functionality. Not all tests pass, because the
$preserveStorage
flag is not working as it should.Comment
User: @Ocramius
Created On: 2015-02-01T13:03:29Z
Updated At: 2015-02-01T13:03:29Z
Body
@Martin-P that functionality actually never worked in 2.x as far as I can see...
Comment
User: @Martin-P
Created On: 2015-02-01T20:49:04Z
Updated At: 2015-02-01T20:49:04Z
Body
That's possible, I only added the tests for what it should do. Not sure if it needs fixing if nobody uses this feature.
Comment
User: @weierophinney
Created On: 2015-03-18T16:42:09Z
Updated At: 2015-03-18T16:42:09Z
Body
@Martin-P want to take a crack at making it work? If so, I need changes by tomorrow, 19 March 2015.
Comment
User: @Martin-P
Created On: 2015-03-18T20:53:30Z
Updated At: 2015-03-18T20:53:30Z
Body
@weierophinney I do not think this can ever work. The security fix for session validators made me aware of this feature (zendframework/zendframework@ddbf43a). The preservation of $_SESSION data is part of the security fix. Making the preservation of $_SESSION data optional would compromise the security fix.
To make this work the security fix needs a change. The tests covering the security fix are present, so theoretically it should not be a problem. I don't know if you consider it an option to change the security fix?
Comment
User: @weierophinney
Created On: 2015-03-18T22:17:30Z
Updated At: 2015-03-18T22:17:30Z
Body
@Martin-P We can change the security fix so long as the tests introduced by it continue to pass.
Comment
User: @Martin-P
Created On: 2015-03-18T22:29:16Z
Updated At: 2015-03-18T22:29:16Z
Body
I can take a look at this, but I think it will be after the 2.4.0 release however.
The text was updated successfully, but these errors were encountered: