fix(session): Log critical conditions where sessions might be lost #40878

Draft: wants to merge 1 commit into base: master

ChristophWurst (Member) commented Oct 11, 2023

Summary

  • Regenerating session when cookies can't be sent -> lost
  • Regenerating session ID and deleting old data -> possible loss

Currently, session_regenerate_id does not handle an unstable network well, e.g. Mobile and WiFi network. Therefore, you may experience a lost session by calling session_regenerate_id.

https://www.php.net/manual/en/function.session-regenerate-id.php

Inspiration taken from https://github.com/symfony/symfony/blob/732ef5761c6576102983c99aab4a38679adce8d2/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php#L207-L229 too.

ChristophWurst (Member Author)

/backport to stable27

@ChristophWurst ChristophWurst force-pushed the fix/session/log-likely-lost-session-conditions branch from 736a5f9 to 37367ec Compare October 11, 2023 17:57
@ChristophWurst ChristophWurst force-pushed the fix/session/log-likely-lost-session-conditions branch from 37367ec to 44196bb Compare October 12, 2023 09:48
blizzz (Member) commented Oct 12, 2023

CI having opinions

* Regenerating session when cookies can't be sent -> lost
* Regenerating session ID and deleting old data -> possible loss

Signed-off-by: Christoph Wurst <[email protected]>
@ChristophWurst ChristophWurst force-pushed the fix/session/log-likely-lost-session-conditions branch from 44196bb to 95a14f2 Compare October 12, 2023 12:11
'deleteOldSession' => $deleteOldSession,
]);
} elseif ($deleteOldSession) {
logger('core')->warning('Calling session_regenerate_id with delete_old_session=true can lead to lost sessions');
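
Review bot: The `elseif ($deleteOldSession)` branch logs a fixed string with no context array, so an entry cannot be tied to the code path or request that asked for the old session to be deleted, while the call that closes just above it does pass context including `'deleteOldSession' => $deleteOldSession`. Consider passing a context array here as well. This branch is also taken whenever the flag is true rather than when a loss was actually observed, so at `warning` level it will outnumber the message from the preceding branch; a lower level or a narrower condition would keep the more serious entry visible.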
ChristophWurst (Member Author):

should be lowered to debug. this is called a lot

@ChristophWurst ChristophWurst marked this pull request as draft October 13, 2023 12:03
@solracsf solracsf added this to the Nextcloud 28 milestone Oct 27, 2023
@ChristophWurst ChristophWurst added 1. to develop Accepted and waiting to be taken care of and removed 3. to review Waiting for reviews labels Nov 7, 2023
@ChristophWurst ChristophWurst removed this from the Nextcloud 28 milestone Nov 7, 2023
@solracsf solracsf added this to the Nextcloud 28 milestone Nov 21, 2023
@ChristophWurst ChristophWurst removed this from the Nextcloud 28 milestone Nov 22, 2023
@blizzz blizzz added this to the Nextcloud 29 milestone Nov 23, 2023
@skjnldsv skjnldsv added 2. developing Work in progress and removed 1. to develop Accepted and waiting to be taken care of labels Feb 21, 2024
@skjnldsv skjnldsv modified the milestones: Nextcloud 29, Nextcloud 30 Mar 28, 2024
@skjnldsv skjnldsv modified the milestones: Nextcloud 30, Nextcloud 31 Aug 14, 2024