Merge pull request #11288 from mensler/session-without-cookies-2.x

Check for session.use_trans_sid and session ID in URL when cookies are disabled (2.x)
2024-11-15 03:18:26 +00:00 · 2017-10-07 12:17:30 -04:00 · 2017-10-07 12:17:30 -04:00 · e889535e41
commit e889535e41
parent a71cad0420 61eddc6bde
1 changed files with 14 additions and 2 deletions
--- a/lib/Cake/Model/Datasource/CakeSession.php
+++ b/lib/Cake/Model/Datasource/CakeSession.php
@ -134,6 +134,13 @@ class CakeSession {
 */
 	protected static $_cookieName = null;

+/**
+ * Whether this session is running under a CLI environment
+ *
+ * @var bool
+ */
+	protected static $_isCLI = false;
+
 /**
 * Pseudo constructor.
 *
@ -155,6 +162,7 @@ class CakeSession {
 		}

 		static::$_initialized = true;
+		static::$_isCLI = (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
 	}

 /**
@ -596,14 +604,18 @@ class CakeSession {
 * @return bool
 */
 	protected static function _hasSession() {
-		return static::started() || isset($_COOKIE[static::_cookieName()]) || (PHP_SAPI === 'cli' || PHP_SAPI === 'phpdbg');
+		return static::started()
+			|| !ini_get('session.use_cookies')
+			|| isset($_COOKIE[static::_cookieName()])
+			|| static::$_isCLI
+			|| (ini_get('session.use_trans_sid') && isset($_GET[session_name()]));
 	}

 /**
 * Find the handler class and make sure it implements the correct interface.
 *
 * @param string $handler Handler name.
- * @return void
+ * @return CakeSessionHandlerInterface
 * @throws CakeSessionException
 */
 	protected static function _getHandler($handler) {