fix(builtin): persist sess files with custom save handler#10
Merged
Conversation
BuiltinBackend::save() was a no-op, assuming PHP's native handler would still write session files. Once SessionHandler is registered via session_set_save_handler(), PHP only calls the backend save path. Without writing sess_<id> files, login worked in-memory for the current request but the next request loaded an empty session, causing a silent login loop back to login.php. Add BuiltinBackendTest covering save/load roundtrip.
Member
|
no, this is solved by installing the session_handler shim as a shutdown task. |
ralflang
approved these changes
Jun 11, 2026
ralflang
left a comment
ralflang
left a comment
Member
There was a problem hiding this comment.
I will accept and then rework this. This claims to be interoperable with PHP Builtin sessions but isn't - it's the Files backend in disguise.
ralflang
added a commit
that referenced
this pull request
Jun 11, 2026
…essionhandler This expands on #10 which was incompatible with PHP's original sessionhandler Now Horde's "BuiltinBackend" can read and write session files originally created by PHP's real "builtin" sessionhandler Adheres to session.save_path ini setting Does not auto-create subdirectories but throws exception if missing Still deviates in the way we handle locking and atomic writes
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fix BuiltinBackend session persistence with modern save handler
Summary
BuiltinBackend::save()to write PHP's defaultsess_<id>session filesProblem
Horde registers
Horde\SessionHandler\SessionHandlerviasession_set_save_handler().With
sessionhandler.type = builtin, PHP callsSessionHandler::write(), which delegatesto
BuiltinBackend::save().BuiltinBackend::save()was a no-op, with a comment assuming PHP's native handler wouldstill write files. That is no longer true once a custom save handler is installed.
Symptom: Login via
login.phpappeared to succeed (no error message), but the nextrequest loaded an empty session and redirected back to the login form.
Within a single request, auth lived only in memory; nothing was persisted to disk.
Solution
Write the serialized session blob to
sess_<id>under the configured save path (samelayout
load()already reads). ThrowRuntimeExceptionif the write fails, matchingFileBackendbehaviour.Test plan
sessionhandler.type = Builtinin a Horde deploymentlogin.phpwith valid credentialssess_<session_id>file exists under PHP's session save path after loginRelated
HordeSessiondata into$_SESSIONbefore PHP's savehandler runs; this fix ensures that mirrored payload is actually written when the
builtin backend is selected.