Bug Report #3431
AuthDriver Base:INCORRECTLY refers to $_SESSION superglobal in two places
| Status: | New | Start date: | 11/25/2010 | |
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | Estimated time: | 1.00 hour | |
| Resolution: | Points: |
Description
Hi. abstract AuthDriver base correctly composes itself in constructor with reference to Kohana based session singleton $this->session = Session::instance();
However.. both AuthDriver's logged_in and get_user methods then INCORRECTLY refer directly to $_SESSION superglobal, rather than employ own reference on $this->session(). Example of fix I had to make locally for logged_in below.
When and why does this matter? Well.. firstly Kohana's own doc says in big bold: Note however this has been seen leading to unpredictable behavior if both $_SESSION and the session library methods are used.
Really though, its about my specific case: I am integrating applications, and they are sharing the same session. I created a MY_Session extensions of SessionCore. In order to keep data separate, my Kohana app will do all session operations through Kohana session instance and I in MY_Session I overrode get() and set() methods, which prepends a string (say, "my_kohana_app") in order to "namespace" values such that they do not collide with other apps which add their own things to session using $_SESSION superglobal.
public function logged_in($role)
{
if($this->session->get($this->config['session_key']))
return true;
else
return false;
//return isset($_SESSION[$this->config['session_key']]);
}