merged branch drak/session_detect (PR #7571)

This PR was squashed before being merged into the master branch (closes #7571).

Discussion
----------

[2.3] Handle PHP sessions started outside of Symfony

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets |
| License       | MIT
| Doc PR        | symfony/symfony-docs#2474

This PR brings a way to allow Symfony2 to manage a session started outside of Symfony in such a way that quite explicit. It also introduces more robust detection of previously started sessions under PHP 5.3 and supports real session status detection under PHP 5.4

Commits
-------

df99902 [2.3] Handle PHP sessions started outside of Symfony

Author: fabpot

Session/Storage/NativeSessionStorage.php

@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpFoundation\Session\Storage;
 
 use Symfony\Component\HttpFoundation\Session\SessionBagInterface;
+use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;
 use Symfony\Component\HttpFoundation\Session\Storage\Proxy\NativeProxy;
 use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy;
@@ -91,9 +92,9 @@ class NativeSessionStorage implements SessionStorageInterface
      * upload_progress.min-freq, "1"
      * url_rewriter.tags, "a=href,area=href,frame=src,form=,fieldset="
      *
-     * @param array       $options Session configuration options.
-     * @param object      $handler SessionHandlerInterface.
-     * @param MetadataBag $metaBag MetadataBag.
+     * @param array                                                            $options Session configuration options.
+     * @param AbstractProxy|NativeSessionHandler|\SessionHandlerInterface|null $handler
+     * @param MetadataBag                                                      $metaBag MetadataBag.
      */
     public function __construct(array $options = array(), $handler = null, MetadataBag $metaBag = null)
     {
@@ -130,27 +131,28 @@ public function start()
             return true;
         }
 
-        // catch condition where session was started automatically by PHP
-        if (!$this->started && !$this->closed && $this->saveHandler->isActive()
-            && $this->saveHandler->isSessionHandlerInterface()) {
-            $this->loadSession();
+        if (version_compare(phpversion(), '5.4.0', '>=') && \PHP_SESSION_ACTIVE === session_status()) {
+            throw new \RuntimeException('Failed to start the session: already started by PHP.');
+        }
 
-            return true;
+        if (version_compare(phpversion(), '5.4.0', '<') && isset($_SESSION) && session_id()) {
+            // not 100% fool-proof, but is the most reliable way to determine if a session is active in PHP 5.3
+            throw new \RuntimeException('Failed to start the session: already started by PHP ($_SESSION is set).');
         }
 
         if (ini_get('session.use_cookies') && headers_sent()) {
             throw new \RuntimeException('Failed to start the session because headers have already been sent.');
         }
 
-        // start the session
+        // ok to try and start the session
         if (!session_start()) {
             throw new \RuntimeException('Failed to start the session');
         }
 
         $this->loadSession();
-
         if (!$this->saveHandler->isWrapper() && !$this->saveHandler->isSessionHandlerInterface()) {
-            $this->saveHandler->setActive(false);
+            // This condition matches only PHP 5.3 with internal save handlers
+            $this->saveHandler->setActive(true);
         }
 
         return true;
@@ -215,7 +217,8 @@ public function save()
     {
         session_write_close();
 
-        if (!$this->saveHandler->isWrapper() && !$this->getSaveHandler()->isSessionHandlerInterface()) {
+        if (!$this->saveHandler->isWrapper() && !$this->saveHandler->isSessionHandlerInterface()) {
+            // This condition matches only PHP 5.3 with internal save handlers
             $this->saveHandler->setActive(false);
         }
 
@@ -329,29 +332,43 @@ public function setOptions(array $options)
     }
 
     /**
-     * Registers save handler as a PHP session handler.
+     * Registers session save handler as a PHP session handler.
      *
      * To use internal PHP session save handlers, override this method using ini_set with
      * session.save_handler and session.save_path e.g.
      *
      *     ini_set('session.save_handler', 'files');
      *     ini_set('session.save_path', /tmp');
      *
+     * or pass in a NativeSessionHandler instance which configures session.save_handler in the
+     * constructor, for a template see NativeFileSessionHandler or use handlers in
+     * composer package drak/native-session
+     *
      * @see http://php.net/session-set-save-handler
      * @see http://php.net/sessionhandlerinterface
      * @see http://php.net/sessionhandler
+     * @see http://github.com/drak/NativeSession
+     *
+     * @param AbstractProxy|NativeSessionHandler|\SessionHandlerInterface|null $saveHandler
      *
-     * @param object $saveHandler Default null means NativeProxy.
+     * @throws \InvalidArgumentException
      */
     public function setSaveHandler($saveHandler = null)
     {
-        // Wrap $saveHandler in proxy
+        if (!$saveHandler instanceof AbstractProxy &&
+            !$saveHandler instanceof NativeSessionHandler &&
+            !$saveHandler instanceof \SessionHandlerInterface &&
+            null !== $saveHandler) {
+            throw new \InvalidArgumentException('Must be instance of AbstractProxy or NativeSessionHandler; implement \SessionHandlerInterface; or be null.');
+        }
+
+        // Wrap $saveHandler in proxy and prevent double wrapping of proxy
         if (!$saveHandler instanceof AbstractProxy && $saveHandler instanceof \SessionHandlerInterface) {
             $saveHandler = new SessionHandlerProxy($saveHandler);
         } elseif (!$saveHandler instanceof AbstractProxy) {
-            $saveHandler = new NativeProxy();
+            $saveHandler = version_compare(phpversion(), '5.4.0', '>=') ?
+                new SessionHandlerProxy(new \SessionHandler()) : new NativeProxy();
         }
-
         $this->saveHandler = $saveHandler;
 
         if ($this->saveHandler instanceof \SessionHandlerInterface) {

Session/Storage/PhpBridgeSessionStorage.php

@@ -0,0 +1,69 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\HttpFoundation\Session\Storage;
+
+use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;
+use Symfony\Component\HttpFoundation\Session\Storage\Proxy\AbstractProxy;
+use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeSessionHandler;
+
+/**
+ * Allows session to be started by PHP and managed by Symfony2
+ *
+ * @author Drak <drak@zikula.org>
+ */
+class PhpBridgeSessionStorage extends NativeSessionStorage
+{
+    /**
+     * Constructor.
+     *
+     * @param AbstractProxy|NativeSessionHandler|\SessionHandlerInterface|null $handler
+     * @param MetadataBag                                                      $metaBag MetadataBag
+     */
+    public function __construct($handler = null, MetadataBag $metaBag = null)
+    {
+        $this->setMetadataBag($metaBag);
+        $this->setSaveHandler($handler);
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function start()
+    {
+        if ($this->started && !$this->closed) {
+            return true;
+        }
+
+        $this->loadSession();
+        if (!$this->saveHandler->isWrapper() && !$this->saveHandler->isSessionHandlerInterface()) {
+            // This condition matches only PHP 5.3 + internal save handlers
+            $this->saveHandler->setActive(true);
+        }
+
+        return true;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function clear()
+    {
+        // clear out the bags and nothing else that may be set
+        // since the purpose of this driver is to share a handler
+        foreach ($this->bags as $bag) {
+            $bag->clear();
+        }
+
+        // reconnect the bags to the session
+        $this->loadSession();
+    }
+}

Session/Storage/Proxy/AbstractProxy.php

@@ -72,16 +72,31 @@ public function isWrapper()
      */
     public function isActive()
     {
+        if (version_compare(phpversion(), '5.4.0', '>=')) {
+            return $this->active = \PHP_SESSION_ACTIVE === session_status();
+        }
+
         return $this->active;
     }
 
     /**
      * Sets the active flag.
      *
+     * Has no effect under PHP 5.4+ as status is detected
+     * automatically in isActive()
+     *
+     * @internal
+     *
      * @param Boolean $flag
+     *
+     * @throws \LogicException
      */
     public function setActive($flag)
     {
+        if (version_compare(phpversion(), '5.4.0', '>=')) {
+            throw new \LogicException('This method is disabled in PHP 5.4.0+');
+        }
+
         $this->active = (bool) $flag;
     }