Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(session): Log critical conditions where sessions might be lost #40878

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

fix(session): Log critical conditions where sessions might be lost #40878

wants to merge 1 commit into from
+16 −0

Conversation

ChristophWurst
Copy link
Member

@ChristophWurst ChristophWurst commented Oct 11, 2023
edited
Loading

Summary

  • Regenerating session when cookies can't be sent -> lost
  • Regenerating session ID and deleting old data -> possible loss

Currently, session_regenerate_id does not handle an unstable network well, e.g. Mobile and WiFi network. Therefore, you may experience a lost session by calling session_regenerate_id.

https://www.php.net/manual/en/function.session-regenerate-id.php

Inspiration taken from https://github.com/symfony/symfony/blob/732ef5761c6576102983c99aab4a38679adce8d2/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php#L207-L229 too.

Checklist

@ChristophWurst ChristophWurst self-assigned this Oct 11, 2023
@ChristophWurst
Copy link
Member Author

/backport to stable27

@ChristophWurst ChristophWurst force-pushed the fix/session/log-likely-lost-session-conditions branch from 736a5f9 to 37367ec Compare October 11, 2023 17:57
@ChristophWurst ChristophWurst force-pushed the fix/session/log-likely-lost-session-conditions branch from 37367ec to 44196bb Compare October 12, 2023 09:48
@blizzz
Copy link
Member

blizzz commented Oct 12, 2023

CI having opinions

@ChristophWurst
fix(session): Log critical conditions where sessions might be lost
95a14f2 
* Regenerating session when cookies can't be sent -> lost
* Regenerating session ID and deleting old data -> possible loss

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
@ChristophWurst ChristophWurst force-pushed the fix/session/log-likely-lost-session-conditions branch from 44196bb to 95a14f2 Compare October 12, 2023 12:11
ChristophWurst
ChristophWurst commented Oct 13, 2023
View reviewed changes
lib/private/Session/Internal.php
'deleteOldSession' => $deleteOldSession,
]);
} elseif ($deleteOldSession) {
logger('core')->warning('Calling session_regenerate_id with delete_old_session=true can lead to lost sessions');
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should be lowered to debug. this is called a lot

@ChristophWurst ChristophWurst marked this pull request as draft October 13, 2023 12:03
@solracsf solracsf added this to the Nextcloud 28 milestone Oct 27, 2023
@skjnldsv skjnldsv mentioned this pull request Nov 1, 2023
Merged
@blizzz blizzz mentioned this pull request Nov 6, 2023
Merged
@ChristophWurst ChristophWurst added 1. to develop Accepted and waiting to be taken care of and removed 3. to review Waiting for reviews labels Nov 7, 2023
@ChristophWurst ChristophWurst removed this from the Nextcloud 28 milestone Nov 7, 2023
@solracsf solracsf added this to the Nextcloud 28 milestone Nov 21, 2023
@blizzz blizzz mentioned this pull request Nov 22, 2023
Merged
5 tasks
@ChristophWurst ChristophWurst removed this from the Nextcloud 28 milestone Nov 22, 2023
@blizzz blizzz added this to the Nextcloud 29 milestone Nov 23, 2023
@skjnldsv skjnldsv added 2. developing Work in progress and removed 1. to develop Accepted and waiting to be taken care of labels Feb 21, 2024
This was referenced Mar 12, 2024
Merged
Merged
Merged
@Altahrim Altahrim mentioned this pull request Mar 20, 2024
Merged
@skjnldsv skjnldsv modified the milestones: Nextcloud 29, Nextcloud 30 Mar 28, 2024
@skjnldsv skjnldsv modified the milestones: Nextcloud 30, Nextcloud 31 Aug 14, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@blizzz blizzz blizzz approved these changes

@juliushaertl juliushaertl juliushaertl approved these changes

Assignees

@ChristophWurst ChristophWurst

Labels
2. developing Work in progress backport-request bug feature: authentication
Projects
None yet
Milestone
Nextcloud 31
Development

Successfully merging this pull request may close these issues.
6 participants
@ChristophWurst @blizzz @nickvergessen @juliushaertl @solracsf @skjnldsv