Use own Unique Id instead of Session ID

Created on 1 August 2024, about 2 months ago
Updated 15 August 2024, about 1 month ago

Problem/Motivation

Using SessionManagerInterface::getId() or Session::getId() no longer reliably returns a valid and non-changing session ID.

Modules should not use the Session ID but rather their own internal unique identifier.

Change notice: [D9.2] Drupal uses PHP session ID generation

Steps to reproduce

Log in multiple users from multiple locations and they will all end up with the same hashed session ID, which is the value of Crypt::hashBase64(NULL).

Proposed resolution

Use the recommended method of an internal unique value stored in the session instead of the session id itself.

Remaining tasks

  • ✅ File an issue
  • ✅ Addition/Change/Update/Fix
  • ✅ Testing to ensure no regression
  • ✅ Automated functional testing coverage
  • ✅ Code review by maintainers
  • ✅ Release notes snippet
  • ❌ Release

User interface changes

  • N/A

API changes

  • Stored session_id value is now the generated unique id, but the db field name is not changed.

Data model changes

  • N/A

Release notes snippet

🐛 Bug report
Status

Fixed

Version

2.1

Component

Code

Created by

🇦🇺Australia elc
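
The collision from "Steps to reproduce" and the stored-identifier approach from "Proposed resolution", as an added example that is not the module's own code. It is plain PHP with no Drupal bootstrap: the `$session` arrays stand in for each visitor's session storage, `hash_base64()` is a local re-implementation of the URL-safe base64 SHA-256 digest that `Crypt::hashBase64()` produces, and the key name and function names are hypothetical.

```php
<?php
// Hypothetical key under which the module keeps its own identifier.
const UNIQUE_ID_KEY = 'example_module.unique_id';

// URL-safe base64 with padding stripped.
function url_safe_base64(string $bytes): string {
  return strtr(rtrim(base64_encode($bytes), '='), '+/', '-_');
}

// Local stand-in for Crypt::hashBase64(): SHA-256, URL-safe base64.
function hash_base64(?string $data): string {
  return url_safe_base64(hash('sha256', (string) $data, true));
}

// Before: the identifier is derived from whatever getId() returned.
// When that is NULL or empty, every caller gets the same hash.
function id_from_session_id(?string $session_id): string {
  return hash_base64($session_id);
}

// After: the identifier is generated once from a CSPRNG and kept in the
// session data, so it does not depend on the session ID at all.
function id_from_session_store(array &$session): string {
  if (empty($session[UNIQUE_ID_KEY])) {
    $session[UNIQUE_ID_KEY] = url_safe_base64(random_bytes(32));
  }
  return $session[UNIQUE_ID_KEY];
}

// Constructed scenario: two visitors whose session ID is unavailable.
$alice_session = [];
$bob_session = [];

$alice_old = id_from_session_id(null);
$bob_old = id_from_session_id(null);
printf("derived from session ID, users share one value: %s\n",
  var_export($alice_old === $bob_old, true));

$alice_new = id_from_session_store($alice_session);
$bob_new = id_from_session_store($bob_session);
printf("stored unique ID, users share one value: %s\n",
  var_export($alice_new === $bob_new, true));

// A second request from the same visitor reads the stored value back.
printf("stored unique ID, stable across requests: %s\n",
  var_export($alice_new === id_from_session_store($alice_session), true));
```

In a Drupal module the array would be replaced by the request's session object, with the same generate-once, read-thereafter logic.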
