From e62ef280353a230d0c1539b2050082f4e0da9ed2 Mon Sep 17 00:00:00 2001
From: Dave Mc Nicoll <dave.mcnicoll@cslsj.qc.ca>
Date: Wed, 29 Jan 2020 16:16:00 -0500
Subject: [PATCH] - Fixed a session bug where cookie was rewriting session's
 cookie with a bad session_id

---
 src/Cookie.php  | 12 ++++++------
 src/Session.php | 12 +++++++-----
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/Cookie.php b/src/Cookie.php
index 8139518..adc63fa 100644
--- a/src/Cookie.php
+++ b/src/Cookie.php
@@ -40,7 +40,8 @@ class Cookie {
         ?bool $secure = null,
         ?bool $httponly = null,
         ?string $samesite = null,
-        ?bool $raw = false
+        ?bool $raw = false,
+        ?bool $skipHash = false
     ) {
         if ( headers_sent() ) {
             return false;
@@ -59,27 +60,26 @@ class Cookie {
             'samesite' => $this->options['samesite'] ?? ( $samesite ?: "" ),
         ];
 
-        if ( $value ) {
+        if ( $value && ! $skipHash ) {
             $value = sha1($this->secureHash . $value . $this->secureHash) . "|$value";
         }
 
         return $raw ? setrawcookie($name, $value ?: "", $options) : setcookie($name, $value ?: "", $options);
     }
 
-
     /**
      * Fetch a cookie value, using the Input library.
      * @param   string   cookie name
      * @param   mixed    default value
      * @return  string
      */
-    public function get(string $key, $default = null)
+    public function get(string $key, $default = null, $skipHash = false)
     {
         if ( ! $this->has($key) ) {
             return $default;
         }
 
-        if ( $this->secureHash ) {
+        if ( $this->secureHash && ! $skipHash ) {
             list($hash, $value) = explode('|', $_COOKIE[$key], 2);
 
             if (! $this->isSecure($hash, $value)) {
@@ -111,7 +111,7 @@ class Cookie {
 
         unset( $_COOKIE[$name] );
 
-        return $this->set($name, '', -86400, $path ?: ( $this->options['path'] ?? "" ), $domain ?: ( $this->options['domain'] ?? "" ), $this->options['secure'] ?? false, $this->options['httponly'] ?? false);
+        return $this->set($name, '', -86400, $path ?: ( $this->options['path'] ?? "" ), $domain ?: ( $this->options['domain'] ?? "" ), $this->options['secure'] ?? false, $this->options['httponly'] ?? false, null, false, true);
     }
 
     public function isSecure($hash, $value) : bool
diff --git a/src/Session.php b/src/Session.php
index 1c9c7cf..6b7c822 100644
--- a/src/Session.php
+++ b/src/Session.php
@@ -4,7 +4,7 @@ namespace Storage;
 
 use session_name, session_id, session_start, session_destroy, session_save_path,
     session_regenerate_id, session_cache_limiter, session_get_cookie_params,
-    session_set_cookie_params, session_status, time, array_key_exists;
+    session_set_cookie_params, session_status, session_write_close, time, array_key_exists;
 
 class Session
 {
@@ -54,17 +54,19 @@ class Session
 
         if ( version_compare(PHP_VERSION, '7.3.0') >= 0 ) {
             session_set_cookie_params($params);
+            # var_dump($params); die();
         }
         else {
             session_set_cookie_params( ...array_values(array_slice($params, 0, 5)) );
         }
-
+        
         session_name($options['name']);
         session_cache_limiter($options['cache_limiter'] ?? 'nocache');
         session_start();
-
-        # Reset timeout after session started
-        $cookie->set(session_name(), session_id(), time() + $params['lifetime'], $params['path'], $params['domain'], $params['secure'], $params['httponly'], $params['samesite']);
+    }
+    
+    public static function stop() {
+        session_write_close();
     }
 
     public static function regenerate()