Merge pull request #11288 from mensler/session-without-cookies-2.x

Check for session.use_trans_sid and session ID in URL when cookies are disabled (2.x)
This commit is contained in:
Mark Story 2017-10-07 12:17:30 -04:00 committed by GitHub
commit e889535e41

View file

@ -134,6 +134,13 @@ class CakeSession {
*/ */
protected static $_cookieName = null; protected static $_cookieName = null;
/**
* Whether this session is running under a CLI environment
*
* @var bool
*/
protected static $_isCLI = false;
/** /**
* Pseudo constructor. * Pseudo constructor.
* *
@ -155,6 +162,7 @@ class CakeSession {
} }
static::$_initialized = true; static::$_initialized = true;
static::$_isCLI = (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
} }
/** /**
@ -596,14 +604,18 @@ class CakeSession {
* @return bool * @return bool
*/ */
protected static function _hasSession() { protected static function _hasSession() {
return static::started() || isset($_COOKIE[static::_cookieName()]) || (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg'); return static::started()
|| !ini_get('session.use_cookies')
|| isset($_COOKIE[static::_cookieName()])
|| static::$_isCLI
|| (ini_get('session.use_trans_sid') && isset($_GET[session_name()]));
} }
/** /**
* Find the handler class and make sure it implements the correct interface. * Find the handler class and make sure it implements the correct interface.
* *
* @param string $handler Handler name. * @param string $handler Handler name.
* @return void * @return CakeSessionHandlerInterface
* @throws CakeSessionException * @throws CakeSessionException
*/ */
protected static function _getHandler($handler) { protected static function _getHandler($handler) {