author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2023-10-11 19:52:38 +0200 |
---|---|---|
committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2023-10-12 14:10:49 +0200 |
commit | 95a14f21870b0e328139d978587053ed87f42b84 (patch) | |
tree | 92c7ad977e7be98c52738eb3d5c02c3e87e2355c | |
parent | dd0142ff4718d823bc92825a89aca87243c36889 (diff) | |
fix(session): Log critical conditions where sessions might be lostfix/session/log-likely-lost-session-conditions
* Regenerating session when cookies can't be sent -> lost
* Regenerating session ID and deleting old data -> possible loss
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-rw-r--r-- | lib/private/Session/Internal.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/lib/private/Session/Internal.php b/lib/private/Session/Internal.php
index e8e2a4f2d8e..112ce3342f2 100644
--- a/lib/private/Session/Internal.php
+++ b/lib/private/Session/Internal.php
@@ -36,6 +36,8 @@ namespace OC\Session;
 use OC\Authentication\Exceptions\InvalidTokenException;
 use OC\Authentication\Token\IProvider;
 use OCP\Session\Exceptions\SessionNotAvailableException;
+use function headers_sent;
+use function OCP\Log\logger;
 /**
 * Class Internal
@@ -138,6 +140,14 @@ class Internal extends Session {
 }
 }
+ if (headers_sent()) {
+ logger('core')->critical('Regenerating session ID but headers have been sent. This session will be lost.', [
+ 'deleteOldSession' => $deleteOldSession,
+ ]);
+ } elseif ($deleteOldSession) {
+ logger('core')->warning('Calling session_regenerate_id with delete_old_session=true can lead to lost sessions');
+ }
+
 try {
 @session_regenerate_id($deleteOldSession);
 } catch (\Error $e) {
@@ -222,6 +232,12 @@ class Internal extends Session {
 if (\OC::hasSessionRelaxedExpiry()) {
 $sessionParams['read_and_close'] = $readAndClose;
 }
+ if (headers_sent()) {
+ logger('core')->critical('Starting session but headers have been sent. This session will be lost.', [
+ 'silence' => $silence,
+ 'readAndClose' => $readAndClose,
+ ]);
+ }
 $this->invoke('session_start', [$sessionParams], $silence);
 }
 }
|
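Review bot: The `elseif ($deleteOldSession)` branch logs at warning level on every regeneration that deletes the old session data. Rotating the ID that way is the usual defence against session fixation after authentication, so this entry is likely to fire on routine requests and bury the critical one above it. It also carries no context array, so an operator cannot tell which request or caller produced it. Consider `logger('core')->debug(...)` for this branch, or keep `warning` and add identifying context. The enclosing method starts and ends outside the hunk, so the default value of `$deleteOldSession` is not visible here.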
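Review bot: Both critical entries, the one here before `session_start` and the one in the previous hunk before `session_regenerate_id`, record that headers were already sent but not where output began, which is what an operator needs to find the cause. `headers_sent()` accepts two optional by-reference parameters that receive the file and line where output started, so `if (headers_sent($file, $line)) {` with `'outputStartedAt' => $file . ':' . $line,` added to the context array would make the entry actionable. The context arrays currently hold only flags and no session identifier, and it is worth keeping them that way. The enclosing method begins outside the hunk.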