Created
February 20, 2015 18:30
-
-
Save Berdir/9d8739e5962a227dfdae to your computer and use it in GitHub Desktop.
new csrf token is not saved after a session regenerate/login
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Dark magic from the darkest pits of drupal. After a session regenerate, | |
| // the metadata session bag and $_SESSION are no longer in sync and updates in | |
| // there are not reflected. A new token seed is generated when the form is | |
| // cached, but then not persistend and the form cache token validation fails. | |
| // Manually copy the token seed into $_SESSION. | |
| $metadata = \Drupal::service('session_manager.metadata_bag'); | |
| $_SESSION['_sf2_meta'][$metadata::CSRF_TOKEN_SEED] = $metadata->getCsrfTokenSeed(); |
Thanks for the feedback, I'll open an issue and will try that.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bags are references on $_SESSION['bag_name'], so maybe those references need to be refreshed after the call to
session_id. I guess thatSessionManager::startNow()is the culprit, because that tries to transfer session data by copying it. Maybe it is enough to callparent::loadSession()after restoring the session data?