fix(session): use Horde_Core_Secret_Cbc type hint in SessionLifecycle#150
Closed
TDannhauer wants to merge 1 commit into
Closed
fix(session): use Horde_Core_Secret_Cbc type hint in SessionLifecycle#150TDannhauer wants to merge 1 commit into
TDannhauer wants to merge 1 commit into
Conversation
SessionLifecycle::__construct() expected ?Horde_Secret_Cbc, but that name is only a DI binding string. The factory resolves Horde_Core_Secret_Cbc, which caused a TypeError at runtime after today's horde/core update.
ralflang
requested changes
Jun 11, 2026
ralflang
left a comment
ralflang
left a comment
Member
There was a problem hiding this comment.
No, Lifecycle should not be a shutdown task. That belongs into Horde_Session legacy shim as it's old-stuff plumbing we explicitly don't want in the modern stackm
Contributor
Author
|
i'm fine with any other aproach, but current state breaks horde and horde-alarm (crontab spam) |
Member
Contributor
Author
|
your fixes work, lets close this :) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix SessionLifecycle secret type hint (
Horde_Secret_Cbc→Horde_Core_Secret_Cbc)Summary
$secretconstructor parameter inSessionLifecyclefrom?Horde_Secret_Cbcto?Horde_Core_Secret_Cbc.SessionLifecycleFactoryactually resolves from the injector.Problem
After the SessionLifecycle work landed on
FRAMEWORK_6_0(2026-06-11), Horde fails at request bootstrap with:Horde_Secret_Cbcis not a PHP class. It is the legacy injector binding name registered inDefaultInjectorBindings:SessionLifecycleFactory::create()correctly resolves the service via that string binding and receives aHorde_Core_Secret_Cbcinstance.HordeSessionFactory::create()uses the same pattern and documents why the binding name must not be confused with the concrete class.The constructor type hint incorrectly referenced the binding name as if it were a class, so PHP 8 strict typing rejected the factory-built instance at runtime.
Unit tests did not catch this because
SessionLifecycleTest::build()constructs the lifecycle without a secret (defaults tonull).Solution
Use
Horde_Core_Secret_Cbcin theSessionLifecycleconstructor type hint and update the related@param/@seedocblocks. No behavioural change — only the declared type is corrected.The factory continues to resolve
'Horde_Secret_Cbc'by binding name so the IV from$conf['secret_key']is still applied viaHorde_Core_Factory_Secret_Cbc.Files changed
src/Session/SessionLifecycle.phpTest plan
secret_key; confirm noSessionLifecycleTypeError in the RDE log.clean()/destroy()still re-key and clear the secret (setKey()/clearKey()onHorde_Core_Secret_Cbc).vendor/bin/phpunit test/Unit/Session/SessionLifecycleTest.php.SessionLifecyclewith aHorde_Core_Secret_Cbcmock (mirroringHordeSessionFactoryTest) to prevent regression.