- πΈπ°Slovakia poker10
This seems to be still an issue. I think the steps to reproduce can be the following:
1. install the module
2. try to use theSessionBasedTempStore::get()method for example in event subscriber subscribing toKernelEvents::REQUESTCalling the
get()method:$temp_store_factory = \Drupal::service('session_based_temp_store'); $temp_store = $temp_store_factory->get('xxx');in that event subscriber will call
SessionBasedTempStore::getOwner(), which will then try to evaluate this condition:if (!$session->has('core.tempstore.private.owner')) { // Remember that we did not have started a session before. $session_already_started = FALSE; // This generates a unique identifier for the user. $session->set('core.tempstore.private.owner', Crypt::randomBytesBase64()); }The issue is, that this condition can pass even for authenticated users, causing
$session_already_started = FALSE;to be set for logged-in users. Then, there is another code, which is run later:// Clear session if there was no session before. if (!$session_already_started) { $session->clear(); }Which will logout the logged-in user.
Maybe we need to generate
$session_store_idfor logged-in users differently, or fix the problematic condition inSessionBasedTempStore::getOwner()?Thanks!
- π·πΊRussia nortmas Crimea/Thailand
Thanks! Unfortunately, I'm not working with Drupal anymore. I'm not sure if I have time to maintain this module in the future.
Anyway, I'll try to take a look when I have time.