Prevent session data from being re-persisted if closed or destroyed

phalcon · Nov 6, 2018 · 90d9f50 · 90d9f50
1 parent ce8e8ec
commit 90d9f50
Showing 1 changed file with 26 additions and 16 deletions.
diff --git a/Library/Phalcon/Session/Adapter/Database.php b/Library/Phalcon/Session/Adapter/Database.php
@@ -87,7 +87,8 @@ public function __construct($options = null)
      */
     public function open()
     {
-        return true;
+        $this->_started = true;
+        return $this->isStarted();
     }
 
     /**
@@ -97,7 +98,8 @@ public function open()
      */
     public function close()
     {
-        return false;
+        $this->_started = false;
+        return $this->isStarted();
     }
 
     /**
@@ -109,7 +111,11 @@ public function close()
     public function read($sessionId)
     {
         $maxLifetime = (int) ini_get('session.gc_maxlifetime');
-
+
+        if (!$this->isStarted()) {
+            return false;
+        }
+
         $options = $this->getOptions();
         $row = $this->connection->fetchOne(
             sprintf(
@@ -152,7 +158,7 @@ public function write($sessionId, $data)
             Db::FETCH_NUM,
             [$sessionId]
         );
-
+        
         if ($row[0] > 0) {
             return $this->connection->execute(
                 sprintf(
@@ -164,19 +170,23 @@ public function write($sessionId, $data)
                 ),
                 [$data, time(), $sessionId]
             );
-        } else {
-            return $this->connection->execute(
-                sprintf(
-                    'INSERT INTO %s (%s, %s, %s, %s) VALUES (?, ?, ?, NULL)',
-                    $this->connection->escapeIdentifier($options['table']),
-                    $this->connection->escapeIdentifier($options['column_session_id']),
-                    $this->connection->escapeIdentifier($options['column_data']),
-                    $this->connection->escapeIdentifier($options['column_created_at']),
-                    $this->connection->escapeIdentifier($options['column_modified_at'])
-                ),
-                [$sessionId, $data, time()]
-            );
         }
+
+        if (!$this->isStarted()) {
+            return false;
+        }
+
+        return $this->connection->execute(
+            sprintf(
+                'INSERT INTO %s (%s, %s, %s, %s) VALUES (?, ?, ?, NULL)',
+                $this->connection->escapeIdentifier($options['table']),
+                $this->connection->escapeIdentifier($options['column_session_id']),
+                $this->connection->escapeIdentifier($options['column_data']),
+                $this->connection->escapeIdentifier($options['column_created_at']),
+                $this->connection->escapeIdentifier($options['column_modified_at'])
+            ),
+            [$sessionId, $data, time()]
+        );
     }
 
     /**