« Previous | Next » 

Revision a4c094a7


Added by Robert Lemke about 9 years ago

[BUGFIX] Prevent data from destroyed session from being loaded

This fixes a problem with session data which is being unserialized
even though its session is about to be destroyed. Because the
time of the last activity was stored in the session and needs to be
retrieved in order to determine if the session is still valid, also all
other session data is being unserialized by PHP. This results in
session scope objects registering themselves at the Object Manager
due to their code in __wakeup().

Now the session time out is not stored in the session anymore but
in its own cookie. Therefore the session data is only unserialized
if the session is still valid.

Change-Id: If7d004c7922c4c14e3713eae2f34d36a14d55b84
Resolves: #37001
Releases: 1.1, 1.2

  • added
  • modified
  • copied
  • renamed
  • deleted