Add auto_regenerate option to CacheSessionPersistence

docs/book/v1/manual.md

@@ -36,7 +36,10 @@ The following details the constructor of the `Mezzio\Session\Cache\CacheSessionP
  * @param string $cookieSameSite The same-site rule to apply to the persisted
  *    cookie. Options include "Lax", "Strict", and "None".
  *    Available since 1.4.0
- *
+ * @param bool $autoRegenerate Whether or not the session ID should be
+ *    regenerated on session data changes
+ *    Available since 1.13.0
+ * 
  * @todo reorder these arguments so they make more sense and are in an
  *     order of importance
  */
@@ -51,7 +54,8 @@ public function __construct(
     string $cookieDomain = null,
     bool $cookieSecure = false,
     bool $cookieHttpOnly = false,
-    string $cookieSameSite = 'Lax'
+    string $cookieSameSite = 'Lax',
+    bool $autoRegenerate = true,
 ) {
 ```
 

psalm-baseline.xml

@@ -29,6 +29,7 @@
       <code>$cookieSecure</code>
       <code>$lastModified</code>
       <code>$persistent</code>
+      <code>$autoRegenerate</code>
     </MixedArgument>
     <MixedArrayAccess>
       <code><![CDATA[$config['cache_expire']]]></code>
@@ -43,6 +44,7 @@
       <code><![CDATA[$config['last_modified']]]></code>
       <code><![CDATA[$config['mezzio-session-cache']]]></code>
       <code><![CDATA[$config['persistent']]]></code>
+      <code><![CDATA[$config['auto_regenerate']]]></code>
     </MixedArrayAccess>
     <MixedAssignment>
       <code>$cacheExpire</code>
@@ -58,6 +60,7 @@
       <code>$cookieSecure</code>
       <code>$lastModified</code>
       <code>$persistent</code>
+      <code>$autoRegenerate</code>
     </MixedAssignment>
   </file>
   <file src="test/Asset/TestHandler.php">

src/CacheSessionPersistence.php

@@ -34,6 +34,7 @@ class CacheSessionPersistence implements SessionPersistenceInterface
     private CacheItemPoolInterface $cache;
 
     private bool $persistent;
+    private bool $autoRegenerate;
 
     /**
      * Prepare session cache and default HTTP caching headers.
@@ -67,6 +68,8 @@ class CacheSessionPersistence implements SessionPersistenceInterface
      *                       be accessed by client-side apis.
      * @param string                 $cookieSameSite The same-site rule to apply to the persisted
      *                    cookie. Options include "Lax", "Strict", and "None".
+     * @param bool                   $autoRegenerate Whether or not the session ID should be
+     *                       regenerated on session data changes
      * @todo reorder the constructor arguments
      */
     public function __construct(
@@ -80,7 +83,8 @@ public function __construct(
         ?string $cookieDomain = null,
         bool $cookieSecure = false,
         bool $cookieHttpOnly = false,
-        string $cookieSameSite = 'Lax'
+        string $cookieSameSite = 'Lax',
+        bool $autoRegenerate = true
     ) {
         $this->cache = $cache;
 
@@ -112,6 +116,8 @@ public function __construct(
             : $this->getLastModified();
 
         $this->persistent = $persistent;
+
+        $this->autoRegenerate = $autoRegenerate;
     }
 
     public function initializeSessionFromRequest(ServerRequestInterface $request): SessionInterface
@@ -139,8 +145,8 @@ public function persistSession(SessionInterface $session, ResponseInterface $res
         // Regenerate the session if:
         // - we have no session identifier
         // - the session is marked as regenerated
-        // - the session has changed (data is different)
-        if ('' === $id || $session->isRegenerated() || $session->hasChanged()) {
+        // - the session has changed (data is different) and autoRegenerate is turned on (default) in the configuration
+        if ('' === $id || $session->isRegenerated() || ($this->autoRegenerate && $session->hasChanged())) {
             $id = $this->regenerateSession($id);
         }
 

src/CacheSessionPersistenceFactory.php

@@ -34,6 +34,7 @@ public function __invoke(ContainerInterface $container)
         $cacheExpire    = $config['cache_expire'] ?? 10800;
         $lastModified   = $config['last_modified'] ?? null;
         $persistent     = $config['persistent'] ?? false;
+        $autoRegenerate = $config['auto_regenerate'] ?? true;
 
         return new CacheSessionPersistence(
             $container->get($cacheService),
@@ -46,7 +47,8 @@ public function __invoke(ContainerInterface $container)
             $cookieDomain,
             $cookieSecure,
             $cookieHttpOnly,
-            $cookieSameSite
+            $cookieSameSite,
+            $autoRegenerate
         );
     }
 }

test/CacheSessionPersistenceFactoryTest.php

@@ -74,6 +74,7 @@ public function testFactoryUsesSaneDefaultsForConstructorArguments(): void
         $this->assertAttributeSame(10800, 'cacheExpire', $persistence);
         $this->assertAttributeNotEmpty('lastModified', $persistence);
         $this->assertAttributeSame(false, 'persistent', $persistence);
+        $this->assertAttributeSame(true, 'autoRegenerate', $persistence);
     }
 
     public function testFactoryAllowsConfiguringAllConstructorArguments(): void
@@ -95,6 +96,7 @@ public function testFactoryAllowsConfiguringAllConstructorArguments(): void
                 'cache_expire'     => 300,
                 'last_modified'    => $lastModified,
                 'persistent'       => true,
+                'auto_regenerate'  => false,
             ],
         ]);
 
@@ -115,6 +117,7 @@ public function testFactoryAllowsConfiguringAllConstructorArguments(): void
             $persistence
         );
         $this->assertAttributeSame(true, 'persistent', $persistence);
+        $this->assertAttributeSame(false, 'autoRegenerate', $persistence);
     }
 
     public function testFactoryAllowsConfiguringCacheAdapterServiceName(): void

test/CacheSessionPersistenceIntegrationTest.php

@@ -111,4 +111,40 @@ public function testThatAChangedSessionWillCauseRegenerationAndASetCookieHeader(
         $value = $item->get();
         self::assertNull($value, 'The previous session data should have been deleted');
     }
+
+    public function testThatAChangedSessionWillNotCauseRegenerationWhenAutoRegenerateIsFalse(): void
+    {
+        $this->storage = new CacheSessionPersistence(
+            $this->cache,
+            cookieName: 'Session',
+            autoRegenerate: false,
+        );
+
+        $item = $this->cache->getItem('foo');
+        $item->set(['foo' => 'bar']);
+        $this->cache->save($item);
+
+        $request    = (new ServerRequest())->withHeader('Cookie', 'Session=foo;');
+        $middleware = new SessionMiddleware($this->storage);
+        $handler    = new TestHandler();
+        $handler->setSessionVariable('something', 'groovy');
+        $response = $middleware->process($request, $handler);
+
+        $setCookie = SetCookies::fromResponse($response);
+        $cookie    = $setCookie->get('Session');
+        self::assertNotNull($cookie);
+
+        $id = $cookie->getValue();
+        self::assertNotNull($id);
+
+        self::assertSame('foo', $id);
+        self::assertNotSame($handler->response, $response);
+
+        $item  = $this->cache->getItem('foo');
+        $value = $item->get();
+        self::assertSame([
+            'foo'       => 'bar',
+            'something' => 'groovy',
+        ], $value, 'The session data should have been updated');
+    }
 }