From 9b56e16190948924f4856690f6b4fdc0e764df36 Mon Sep 17 00:00:00 2001
From: catch <catch@35733.no-reply.drupal.org>
Date: Mon, 20 May 2024 14:41:41 +0100
Subject: [PATCH] Issue #2868384 by RoSk0, poker10, tuutti, rgeerolf, sokru,
 jofitz, pooja saraah, cilefen, catch, ThomWilhelm, larowlan, quietone: Allow
 the session name suffix to be configurable

---
 core/assets/scaffold/files/default.services.yml     |  5 +++++
 core/core.services.yml                              |  1 +
 .../Drupal/Core/Session/SessionConfiguration.php    | 13 +++++++++----
 .../Tests/Core/Session/SessionConfigurationTest.php | 12 +++++++-----
 sites/default/default.services.yml                  |  5 +++++
 5 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/core/assets/scaffold/files/default.services.yml b/core/assets/scaffold/files/default.services.yml
index 239ec7b3a560..dacb3f7e9e3e 100644
--- a/core/assets/scaffold/files/default.services.yml
+++ b/core/assets/scaffold/files/default.services.yml
@@ -64,6 +64,11 @@ parameters:
     # \Drupal\Core\Session\SessionConfiguration::__construct()
     # @default 6
     sid_bits_per_character: 6
+    # By default, Drupal generates a session cookie name based on the full
+    # domain name. Set the name_suffix to a short random string to ensure this
+    # session cookie name is unique on different installations on the same
+    # domain and path (for example, when migrating from Drupal 7).
+    name_suffix: ''
   twig.config:
     # Twig debugging:
     #
diff --git a/core/core.services.yml b/core/core.services.yml
index 561ca8c3a9ca..fbfc81cb16d9 100644
--- a/core/core.services.yml
+++ b/core/core.services.yml
@@ -17,6 +17,7 @@ parameters:
     cookie_samesite: Lax
     sid_length: 48
     sid_bits_per_character: 6
+    name_suffix: ''
   twig.config:
     debug: false
     auto_reload: null
diff --git a/core/lib/Drupal/Core/Session/SessionConfiguration.php b/core/lib/Drupal/Core/Session/SessionConfiguration.php
index d1e5de1d934e..541b94ab4c96 100644
--- a/core/lib/Drupal/Core/Session/SessionConfiguration.php
+++ b/core/lib/Drupal/Core/Session/SessionConfiguration.php
@@ -25,9 +25,14 @@ class SessionConfiguration implements SessionConfigurationInterface {
    * @see https://www.php.net/manual/session.security.ini.php
    */
   public function __construct($options = []) {
-    // Provide sensible defaults for sid_length and sid_bits_per_character.
-    // See core/assets/scaffold/files/default.services.yml for more information.
-    $this->options = $options + ['sid_length' => 48, 'sid_bits_per_character' => 6];
+    // Provide sensible defaults for sid_length, sid_bits_per_character and
+    // name_suffix.
+    // @see core/assets/scaffold/files/default.services.yml
+    $this->options = $options + [
+      'sid_length' => 48,
+      'sid_bits_per_character' => 6,
+      'name_suffix' => '',
+    ];
   }
 
   /**
@@ -96,7 +101,7 @@ protected function getUnprefixedName(Request $request) {
     else {
       // Otherwise use $base_url as session name, without the protocol
       // to use the same session identifiers across HTTP and HTTPS.
-      $session_name = $request->getHost() . $request->getBasePath();
+      $session_name = $request->getHost() . $request->getBasePath() . $this->options['name_suffix'];
       // Replace "core" out of session_name so core scripts redirect properly,
       // specifically install.php.
       $session_name = preg_replace('#/core$#', '', $session_name);
diff --git a/core/tests/Drupal/Tests/Core/Session/SessionConfigurationTest.php b/core/tests/Drupal/Tests/Core/Session/SessionConfigurationTest.php
index 2a2cbeee18ba..fd85368f4c44 100644
--- a/core/tests/Drupal/Tests/Core/Session/SessionConfigurationTest.php
+++ b/core/tests/Drupal/Tests/Core/Session/SessionConfigurationTest.php
@@ -266,11 +266,12 @@ public static function providerTestEnforcedSessionName() {
    *
    * @dataProvider providerTestConstructorDefaultSettings
    */
-  public function testConstructorDefaultSettings(array $options, int $expected_sid_length, int $expected_sid_bits_per_character) {
+  public function testConstructorDefaultSettings(array $options, int $expected_sid_length, int $expected_sid_bits_per_character, string $expected_name_suffix) {
     $config = $this->createSessionConfiguration($options);
     $options = $config->getOptions(Request::createFromGlobals());
     $this->assertSame($expected_sid_length, $options['sid_length']);
     $this->assertSame($expected_sid_bits_per_character, $options['sid_bits_per_character']);
+    $this->assertSame($expected_name_suffix, $options['name_suffix']);
   }
 
   /**
@@ -281,10 +282,11 @@ public function testConstructorDefaultSettings(array $options, int $expected_sid
    */
   public static function providerTestConstructorDefaultSettings() {
     return [
-      [[], 48, 6],
-      [['sid_length' => 100], 100, 6],
-      [['sid_bits_per_character' => 5], 48, 5],
-      [['sid_length' => 100, 'sid_bits_per_character' => 5], 100, 5],
+      [[], 48, 6, ''],
+      [['sid_length' => 100], 100, 6, ''],
+      [['sid_bits_per_character' => 5], 48, 5, ''],
+      [['name_suffix' => 'some-suffix'], 48, 6, 'some-suffix'],
+      [['sid_length' => 100, 'sid_bits_per_character' => 5, 'name_suffix' => 'some-suffix'], 100, 5, 'some-suffix'],
     ];
   }
 
diff --git a/sites/default/default.services.yml b/sites/default/default.services.yml
index 239ec7b3a560..dacb3f7e9e3e 100644
--- a/sites/default/default.services.yml
+++ b/sites/default/default.services.yml
@@ -64,6 +64,11 @@ parameters:
     # \Drupal\Core\Session\SessionConfiguration::__construct()
     # @default 6
     sid_bits_per_character: 6
+    # By default, Drupal generates a session cookie name based on the full
+    # domain name. Set the name_suffix to a short random string to ensure this
+    # session cookie name is unique on different installations on the same
+    # domain and path (for example, when migrating from Drupal 7).
+    name_suffix: ''
   twig.config:
     # Twig debugging:
     #
-- 
GitLab