From 736a5f97dbd288a748d723dca1d96c041e248517 Mon Sep 17 00:00:00 2001
From: Christoph Wurst
Date: Wed, 11 Oct 2023 19:52:38 +0200
Subject: [PATCH] fix(session): Log critical conditions where sessions might be lost

* Regenerating session when cookies can't be sent -> lost
* Regenerating session ID and deleting old data -> possible loss

Signed-off-by: Christoph Wurst
---
 lib/private/Session/Internal.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php
index 29e10dd7426b0..1c4be80d439e7 100644
--- a/lib/private/Session/Internal.php
+++ b/lib/private/Session/Internal.php
@@ -37,6 +37,8 @@
 use OC\Authentication\Token\IProvider;
 use OCP\Session\Exceptions\SessionNotAvailableException;
 use Psr\Log\LoggerInterface;
+use function headers_sent;
+use function OCP\Log\logger;

 /**
 * Class Internal
@@ -142,6 +144,14 @@ public function regenerateId(bool $deleteOldSession = true, bool $updateToken =
 }
 }

+ if (headers_sent()) {
+ logger('core')->critical('Regenerating session ID but headers have been sent. This session will be lost.', [
+ 'deleteOldSession' => $deleteOldSession,
+ ]);
+ } else if ($deleteOldSession) {
+ logger('core')->warning('Calling session_regenerate_id with delete_old_session=true can lead to lost sessions');
+ }
+
 try {
 @session_regenerate_id($deleteOldSession);
 } catch (\Error $e) {
@@ -226,6 +236,12 @@ private function startSession(bool $silence = false, bool $readAndClose = true)
 if (\OC::hasSessionRelaxedExpiry()) {
 $sessionParams['read_and_close'] = $readAndClose;
 }
+ if (headers_sent()) {
+ logger('core')->critical('Starting session but headers have been sent. This session will be lost.', [
+ 'silence' => $silence,
+ 'readAndClos' => $readAndClose,
+ ]);
+ }
 $this->invoke('session_start', [$sessionParams], $silence);
 }
 }
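Review bot: The `else if ($deleteOldSession)` branch added to regenerateId() logs at warning level for the parameter's default value (`bool $deleteOldSession = true` in the signature), so every caller relying on the default emits a warning whenever headers have not yet been sent. Deleting the old session data on regeneration is also what invalidates the previous session ID, so a standing warning on that path may nudge callers towards passing `false` and leaving the old ID usable, and the extra volume makes the new critical entry harder to spot. Consider lowering it to `logger('core')->debug(...)` and writing the keyword as `elseif`. regenerateId() starts and ends outside this hunk.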
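Review bot: The context key `'readAndClos'` in the log call added to startSession() is misspelled, so anyone filtering structured logs on `readAndClose` will miss these entries; it should read `'readAndClose' => $readAndClose,`. This entry and the one added to regenerateId() would also be easier to act on if they recorded where output began: `headers_sent($file, $line)` fills in the file and line, which can be added to the context array. startSession() begins outside this hunk.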