Suggestion: start session safely in sessionMiddleware

Question

Suggestion: start session safely in sessionMiddleware

terrylinooo opened this issue 5 years ago · 1 comments

To prevent third-party application conflicts I suggest this.

 if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

So it would look like this.

class SessionMiddleware implements Middleware
{
    /**
     * {@inheritdoc}
     */
    public function process(Request $request, RequestHandler $handler): Response
    {
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            if (session_status() === PHP_SESSION_NONE) {
                session_start();
            }
            $request = $request->withAttribute('session', $_SESSION);
        }

        return $handler->handle($request);
    }
}

Answer 1 · 2019-10-14T05:18:44.000Z

I suggest this is because of conflicts with my work https://github.com/terrylinooo/shieldon
It is better to start safely to prevent conflicts with other libraries.