From 95a14f21870b0e328139d978587053ed87f42b84 Mon Sep 17 00:00:00 2001
From: Christoph Wurst
Date: Wed, 11 Oct 2023 19:52:38 +0200
Subject: [PATCH] fix(session): Log critical conditions where sessions might be lost
* Regenerating session when cookies can't be sent -> lost
* Regenerating session ID and deleting old data -> possible loss
Signed-off-by: Christoph Wurst
---
 lib/private/Session/Internal.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php
index e8e2a4f2d8e43..112ce3342f21b 100644
--- a/lib/private/Session/Internal.php
+++ b/lib/private/Session/Internal.php
@@ -36,6 +36,8 @@
 use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Token\IProvider;
 use OCP\Session\Exceptions\SessionNotAvailableException;
+use function headers_sent;
+use function OCP\Log\logger;
 /**
 * Class Internal
@@ -138,6 +140,14 @@ public function regenerateId(bool $deleteOldSession = true, bool $updateToken =
 }
 }
+ if (headers_sent()) {
+ logger('core')->critical('Regenerating session ID but headers have been sent. This session will be lost.', [
+ 'deleteOldSession' => $deleteOldSession,
+ ]);
+ } elseif ($deleteOldSession) {
+ logger('core')->warning('Calling session_regenerate_id with delete_old_session=true can lead to lost sessions');
+ }
+
 try {
 @session_regenerate_id($deleteOldSession);
 } catch (\Error $e) {
@@ -222,6 +232,12 @@ private function startSession(bool $silence = false, bool $readAndClose = true)
 if (\OC::hasSessionRelaxedExpiry()) {
 $sessionParams['read_and_close'] = $readAndClose;
 }
+ if (headers_sent()) {
+ logger('core')->critical('Starting session but headers have been sent. This session will be lost.', [
+ 'silence' => $silence,
+ 'readAndClose' => $readAndClose,
+ ]);
+ }
 $this->invoke('session_start', [$sessionParams], $silence);
 }
 }
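Review bot: The `elseif ($deleteOldSession)` branch logs a warning on every call that relies on the default, since the signature in the hunk header shows `$deleteOldSession = true`. Deleting the old session data is what invalidates the previous ID once it has been rotated, so a warning on that path adds steady log noise that can bury the critical entry above it and nudges callers toward leaving the old session alive. I would lower it to `logger('core')->debug(...)` with the same message, and add a comment such as `// deleting the old session is the expected path; logged only to help trace lost sessions`. The body of regenerateId starts and ends outside this hunk, so how callers actually pass the flag is not visible here.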
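Review bot: The critical entry added before the `session_start` call does not record where output began, so whoever triages it still has to hunt for the stray output or early flush. `headers_sent()` accepts two by-reference out-parameters, so `if (headers_sent($file, $line)) {` together with `'outputStartedAt' => $file . ':' . $line,` in the context array would make the entry actionable. The same applies to the `headers_sent()` check added in regenerateId in the previous hunk. startSession begins outside this hunk.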