diff --git a/lib/internal/Magento/Framework/Session/SessionManager.php b/lib/internal/Magento/Framework/Session/SessionManager.php
index ca8d3d92d7609..0365e5bc49d14 100644
--- a/lib/internal/Magento/Framework/Session/SessionManager.php
+++ b/lib/internal/Magento/Framework/Session/SessionManager.php
@@ -15,11 +15,6 @@
 */
 class SessionManager implements SessionManagerInterface
 {
- /**
- * Session destroyed threshold in seconds
- */
- const SESSION_DESTROYED_THRESHOLD = 300;
-
 /**
 * Default options when a call destroy()
 *
@@ -194,11 +189,12 @@ public function start()
 // potential custom logic for session id (ex. switching between hosts)
 $this->setSessionId($sid);
 session_start();
- if (isset($_SESSION['destroyed'])) {
- if ($_SESSION['destroyed'] < time() - self::SESSION_DESTROYED_THRESHOLD) {
- $this->destroy(['clear_storage' => true]);
- }
+ if (isset($_SESSION['destroyed'])
+ && $_SESSION['destroyed'] < time() - $this->sessionConfig->getCookieLifetime()
+ ) {
+ $this->destroy(['clear_storage' => true]);
 }
+
 $this->validator->validate($this);
 $this->renewCookie($sid);
@@ -513,29 +509,34 @@ public function regenerateId()
 return $this;
 }
- // @codingStandardsIgnoreStart
 if ($this->isSessionExists()) {
+ // Regenerate the session
 session_regenerate_id();
 $newSessionId = session_id();
 $_SESSION['new_session_id'] = $newSessionId;
+ // Set destroy timestamp
 $_SESSION['destroyed'] = time();
+ // Write and close current session;
 session_commit();
+ // Called after destroy()
 $oldSession = $_SESSION;
+ // Start session with new session ID
 session_id($newSessionId);
 session_start();
 $_SESSION = $oldSession;
+ // New session does not need them
 unset($_SESSION['destroyed']);
 unset($_SESSION['new_session_id']);
 } else {
 session_start();
 }
- // @codingStandardsIgnoreEnd
+
 $this->storage->init(isset($_SESSION) ? $_SESSION : []);
 if ($this->sessionConfig->getUseCookies()) {
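Review bot: In the `start()` hunk, the new condition keeps a superseded session usable for the full cookie lifetime instead of the fixed 300 seconds, and nothing visible here moves a request carrying a `destroyed` marker over to `new_session_id`. With a long configured lifetime, the ID that `regenerateId()` was meant to retire stays accepted for that whole period, which weakens the protection regeneration gives against fixated or leaked session IDs. If `getCookieLifetime()` can return 0 (a browser-session cookie), the test reduces to `destroyed < time()` and the old session is destroyed about a second after regeneration, so in-flight requests on the old ID may lose their session. I would bound the window and handle the zero case explicitly, e.g. `$lifetime = (int) $this->sessionConfig->getCookieLifetime();` followed by `$grace = $lifetime > 0 ? min($lifetime, self::MAX_DESTROYED_GRACE) : self::MAX_DESTROYED_GRACE;`, where `MAX_DESTROYED_GRACE` is a new constant of a few minutes, and add a comment above the check saying why the grace period exists. The body of `start()` continues outside the hunk, so this is based only on the lines shown.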