diff --git a/core/core.services.yml b/core/core.services.yml index d585da0..027d300 100644 --- a/core/core.services.yml +++ b/core/core.services.yml @@ -724,8 +724,8 @@ services: class: Drupal\Core\Session\AccountProxy arguments: ['@authentication', '@request'] session_manager.metadata_bag: - class: Symfony\Component\HttpFoundation\Session\Storage\MetadataBag - arguments: ['_sf2_meta', 180] + class: Drupal\Core\Session\MetadataBag + arguments: ['@settings'] session_manager: class: Drupal\Core\Session\SessionManager arguments: ['@request_stack', '@database', '@session_manager.metadata_bag'] diff --git a/core/lib/Drupal/Core/Session/SessionHandler.php b/core/lib/Drupal/Core/Session/SessionHandler.php index a22d94e..873df04 100644 --- a/core/lib/Drupal/Core/Session/SessionHandler.php +++ b/core/lib/Drupal/Core/Session/SessionHandler.php @@ -41,13 +41,6 @@ class SessionHandler extends AbstractProxy implements \SessionHandlerInterface { protected $connection; /** - * An array containing the sid and data from last read. - * - * @var array - */ - protected $lastRead; - - /** * Constructs a new SessionHandler instance. * * @param \Drupal\Core\Session\SessionManagerInterface $session_manager @@ -137,11 +130,6 @@ public function read($sid) { $user = new UserSession(); } - // Store the session that was read for comparison in self::write(). - $this->lastRead = array( - 'sid' => $sid, - 'value' => $user->session, - ); return $user->session; } @@ -159,15 +147,7 @@ public function write($sid, $value) { // session. return TRUE; } - // Check whether $_SESSION has been changed in this request. - $is_changed = empty($this->lastRead) || $this->lastRead['sid'] != $sid || $this->lastRead['value'] !== $value; - // For performance reasons, do not update the sessions table, unless - // $_SESSION has changed or more than 180 has passed since the last - // update. - $needs_update = !$user->getLastAccessedTime() || REQUEST_TIME - $user->getLastAccessedTime() > Settings::get('session_write_interval', 180); - - if ($is_changed || $needs_update) { // Either ssid or sid or both will be added from $key below. $fields = array( 'uid' => $user->id(), @@ -200,7 +180,7 @@ public function write($sid, $value) { ->keys($key) ->fields($fields) ->execute(); - } + // Likewise, do not update access time more than once per 180 seconds. if ($user->isAuthenticated() && REQUEST_TIME - $user->getLastAccessedTime() > Settings::get('session_write_interval', 180)) { $this->connection->update('users') diff --git a/core/lib/Drupal/Core/Session/SessionManager.php b/core/lib/Drupal/Core/Session/SessionManager.php index 96fcb63..bee306e 100644 --- a/core/lib/Drupal/Core/Session/SessionManager.php +++ b/core/lib/Drupal/Core/Session/SessionManager.php @@ -13,8 +13,9 @@ use Drupal\Core\Session\AnonymousUserSession; use Drupal\Core\Session\SessionHandler; use Symfony\Component\HttpFoundation\RequestStack; +use Symfony\Component\HttpFoundation\Session\Storage\Handler\WriteCheckSessionHandler; +use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as SymfonyMetadataBag; use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage; -use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag; /** * Manages user sessions. @@ -70,7 +71,7 @@ class SessionManager extends NativeSessionStorage implements SessionManagerInter * @param \Symfony\Component\HttpFoundation\Session\Storage\MetadataBag $metadata_bag * The session metadata bag. */ - public function __construct(RequestStack $request_stack, Connection $connection, MetadataBag $metadata_bag) { + public function __construct(RequestStack $request_stack, Connection $connection, SymfonyMetadataBag $metadata_bag) { parent::__construct(); $this->requestStack = $request_stack; $this->connection = $connection; @@ -92,8 +93,9 @@ public function initialize() { // Register the default session handler. // @todo Extract session storage from session handler into a service. - $handler = new SessionHandler($this, $this->requestStack, $this->connection); - $this->setSaveHandler($handler); + $save_handler = new SessionHandler($this, $this->requestStack, $this->connection); + $write_check_handler = new WriteCheckSessionHandler($save_handler); + $this->setSaveHandler($write_check_handler); $is_https = $this->requestStack->getCurrentRequest()->isSecure(); $cookies = $this->requestStack->getCurrentRequest()->cookies;