Kent Richards · e976ba2e · b896f004 · 6d6c2b79 · 4d60e0cd · 1408c86b
--- a/core/lib/Drupal/Core/Session/SessionHandler.php

+ 27

− 10
+++ b/core/lib/Drupal/Core/Session/SessionHandler.php

+ 27

− 10
 @@ -8,12 +8,12 @@
 @@ -8,12 +8,12 @@
 use Drupal\Core\Database\DatabaseException;
 use Drupal\Core\DependencyInjection\DependencySerializationTrait;
 use Symfony\Component\HttpFoundation\RequestStack;
-use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy;
+use Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler;
 /**
 * Default session handler.
 */
-class SessionHandler extends AbstractProxy implements \SessionHandlerInterface {
+class SessionHandler extends AbstractSessionHandler implements \SessionHandlerInterface, \SessionUpdateTimestampHandlerInterface {
  use DependencySerializationTrait;
 @@ -44,13 +44,13 @@ public function open(string $save_path, string $name): bool {
 @@ -44,13 +44,13 @@ public function open(string $save_path, string $name): bool {
  /**
   * {@inheritdoc}
   */
-  public function read(#[\SensitiveParameter] string $sid): string|false {
+  public function doRead(#[\SensitiveParameter] string $sessionId): string {
    $data = '';
-    if (!empty($sid)) {
+    if (!empty($sessionId)) {
      try {
        // Read the session data from the database.
        $query = $this->connection
-          ->queryRange('SELECT [session] FROM {sessions} WHERE [sid] = :sid', 0, 1, [':sid' => Crypt::hashBase64($sid)]);
+          ->queryRange('SELECT [session] FROM {sessions} WHERE [sid] = :sid', 0, 1, [':sid' => Crypt::hashBase64($sessionId)]);
        $data = (string) $query->fetchField();
      }
      // Swallow the error if the table hasn't been created yet.
 @@ -63,18 +63,18 @@ public function read(#[\SensitiveParameter] string $sid): string|false {
 @@ -63,18 +63,18 @@ public function read(#[\SensitiveParameter] string $sid): string|false {
  /**
   * {@inheritdoc}
   */
-  public function write(#[\SensitiveParameter] string $sid, string $value): bool {
+  public function doWrite(#[\SensitiveParameter] string $sessionId, string $data): bool {
    $try_again = FALSE;
    $request = $this->requestStack->getCurrentRequest();
    $fields = [
      'uid' => $request->getSession()->get('uid', 0),
      'hostname' => $request->getClientIP(),
-      'session' => $value,
+      'session' => $data,
      'timestamp' => $this->time->getRequestTime(),
    ];
    $doWrite = fn() =>
      $this->connection->merge('sessions')
-        ->keys(['sid' => Crypt::hashBase64($sid)])
+        ->keys(['sid' => Crypt::hashBase64($sessionId)])
        ->fields($fields)
        ->execute();
    try {
 @@ -106,11 +106,18 @@ public function close(): bool {
 @@ -106,11 +106,18 @@ public function close(): bool {
  /**
   * {@inheritdoc}
   */
-  public function destroy(#[\SensitiveParameter] string $sid): bool {
+  public function destroy(#[\SensitiveParameter] string $sessionId): bool {
+    return $this->doDestroy($sessionId);
+  }
+  /**
+   * {@inheritdoc}
+   */
+  protected function doDestroy(#[\SensitiveParameter] string $sessionId): bool {
    try {
      // Delete session data.
      $this->connection->delete('sessions')
-        ->condition('sid', Crypt::hashBase64($sid))
+        ->condition('sid', Crypt::hashBase64($sessionId))
        ->execute();
    }
    // Swallow the error if the table hasn't been created yet.
 @@ -140,6 +147,16 @@ public function gc(int $lifetime): int|false {
 @@ -140,6 +147,16 @@ public function gc(int $lifetime): int|false {
    return FALSE;
  }
+  /**
+   * {@inheritdoc}
+   */
+  public function updateTimestamp(#[\SensitiveParameter] string $sessionId, string $data): bool {
+    // This function is intentionally a no-op. Drupal manages session expiry in
+    // the MetadataBag, and the timestamp should not be updated here.
+    // @see \Drupal\Core\Session\MetadataBag::__construct()
+    return TRUE;
+  }
  /**
   * Defines the schema for the session table.
   *