issue/4-sessions-auth #10
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "issue/4-sessions-auth"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
CRITICAL FIXES: 1. SessionManager.php:127 - Fix operator precedence in production check - Changed: ($_ENV['APP_ENV'] ?? getenv('APP_ENV') === 'production') - To: (($_ENV['APP_ENV'] ?? getenv('APP_ENV')) === 'production') - Ensures secure flag only set in production environment 2. MigrationRunner.php:98-99 - Fix misleading lock comment - Changed comment from 'non-blocking' to accurate description - flock(LOCK_EX) is blocking, used to ensure only one process migrates IMPORTANT FIXES: 3. SessionManager.php:71-74 - Add session initialization check - Check session_status() !== PHP_SESSION_ACTIVE before accessing $_SESSION - Prevents E_WARNING on array key access 4. PdoFactory.php:21-29 - Add error handling for PDO creation - Wrap in try-catch for PDOException - Throw RuntimeException with context (tenant ID, path, original error) 5. MigrationRunner.php:86-108 - Add proper lock error handling - fopen() failure now throws RuntimeException instead of silent null - flock() check validates lock was actually acquired - Prevents race conditions when lock fails MINOR FIX: 6. TenantContextHolder.php:31-35 - Add validation logging - Log warning when getTenantIdForDatabase() called without setFromRequest() - Helps detect integration issues where tenant context wasn't initialized All 84 unit tests pass with these changes. Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>