Skip to content

Commit

Permalink
fix(session): Log critical conditions where sessions might be lost
Browse files Browse the repository at this point in the history
* Regenerating session when cookies can't be sent -> lost
* Regenerating session ID and deleting old data -> possible loss

Signed-off-by: Christoph Wurst <[email protected]>
  • Loading branch information
ChristophWurst committed Oct 12, 2023
1 parent 03c7ee4 commit 44196bb
Showing 1 changed file with 16 additions and 0 deletions.
16 changes: 16 additions & 0 deletions lib/private/Session/Internal.php
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@
use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider;
use OCP\Session\Exceptions\SessionNotAvailableException;
use function headers_sent;
use function OCP\Log\logger;

/**
* Class Internal
Expand Down Expand Up @@ -138,6 +140,14 @@ public function regenerateId(bool $deleteOldSession = true, bool $updateToken =
}
}

if (headers_sent()) {
logger('core')->critical('Regenerating session ID but headers have been sent. This session will be lost.', [
'deleteOldSession' => $deleteOldSession,
]);
} else if ($deleteOldSession) {
logger('core')->warning('Calling session_regenerate_id with delete_old_session=true can lead to lost sessions');
}

try {
@session_regenerate_id($deleteOldSession);
} catch (\Error $e) {
Expand Down Expand Up @@ -222,6 +232,12 @@ private function startSession(bool $silence = false, bool $readAndClose = true)
if (\OC::hasSessionRelaxedExpiry()) {
$sessionParams['read_and_close'] = $readAndClose;
}
if (headers_sent()) {
logger('core')->critical('Starting session but headers have been sent. This session will be lost.', [
'silence' => $silence,
'readAndClose' => $readAndClose,
]);
}
$this->invoke('session_start', [$sessionParams], $silence);
}
}

0 comments on commit 44196bb

Please sign in to comment.