From 04c9d1ac6af1e5861edaaac3a34001d4ae0f598b Mon Sep 17 00:00:00 2001
From: Wouter de Jong
Date: Thu, 3 Jun 2021 16:11:19 +0200
Subject: [PATCH] Only trigger for the correct firewall in ContextListener::onKernelResponse()
---
 Firewall/ContextListener.php | 4 ++--
 Tests/Firewall/ContextListenerTest.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/Firewall/ContextListener.php b/Firewall/ContextListener.php
index 9416777b..098a2225 100644
--- a/Firewall/ContextListener.php
+++ b/Firewall/ContextListener.php
@@ -95,7 +95,7 @@ public function authenticate(RequestEvent $event)
 $request = $event->getRequest();
 $session = $request->hasPreviousSession() && $request->hasSession() ? $request->getSession() : null;
- $request->attributes->set('_security_firewall_run', true);
+ $request->attributes->set('_security_firewall_run', $this->sessionKey);
 if (null !== $session) {
 $usageIndexValue = $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0;
@@ -169,7 +169,7 @@ public function onKernelResponse(ResponseEvent $event)
 $request = $event->getRequest();
- if (!$request->hasSession() || !$request->attributes->get('_security_firewall_run', false)) {
+ if (!$request->hasSession() || $request->attributes->get('_security_firewall_run') !== $this->sessionKey) {
 return;
 }
diff --git a/Tests/Firewall/ContextListenerTest.php b/Tests/Firewall/ContextListenerTest.php
index f995d215..bf9b028d 100644
--- a/Tests/Firewall/ContextListenerTest.php
+++ b/Tests/Firewall/ContextListenerTest.php
@@ -106,7 +106,7 @@ public function testOnKernelResponseWithoutSession()
 $tokenStorage = new TokenStorage();
 $tokenStorage->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
 $request = new Request();
- $request->attributes->set('_security_firewall_run', true);
+ $request->attributes->set('_security_firewall_run', '_security_session');
 $session = new Session(new MockArraySessionStorage());
 $request->setSession($session);
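Review bot: In authenticate(), `_security_firewall_run` changes from a boolean flag to the listener's session key with no comment, and the attribute name still reads like a flag. Any code outside this diff that compares the attribute strictly to `true` would stop matching; that cannot be checked from the hunk, so a search for other readers is worth doing before merging. I would add a comment above the `set()` call, e.g. `// Store this firewall's session key (not a boolean) so onKernelResponse() of other ContextListener instances can ignore this request.` The body of authenticate() starts and ends outside the hunk.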
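Review bot: The guard in onKernelResponse() now has two distinct skip reasons (no firewall ran, or another firewall's ContextListener ran), but nothing in the code says why the comparison is against `$this->sessionKey`. Because the default argument to `get()` was dropped, a missing attribute yields null and still returns early through the strict `!==` check; stating that helps keep a later refactor from loosening it back to a truthiness test. Suggested comment above the `if`: `// Only the listener whose firewall handled this request may persist its token; a missing or foreign marker means skip.` The rest of the function, presumably where the token is written to the session, lies outside the hunk.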
@@ -212,7 +212,7 @@ public function testOnKernelResponseListenerRemovesItself()
 $listener = new ContextListener($tokenStorage, [], 'key123', null, $dispatcher);
 $request = new Request();
- $request->attributes->set('_security_firewall_run', true);
+ $request->attributes->set('_security_firewall_run', '_security_key123');
 $request->setSession($session);
 $event = new ResponseEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST, new Response());
@@ -370,7 +370,7 @@ protected function runSessionOnKernelResponse($newToken, $original = null)
 {
 $session = new Session(new MockArraySessionStorage());
 $request = new Request();
- $request->attributes->set('_security_firewall_run', true);
+ $request->attributes->set('_security_firewall_run', '_security_session');
 $request->setSession($session);
 $requestStack = new RequestStack();
 $requestStack->push($request);
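Review bot: The test changes only swap the fixture value for the matching key (the diffstat shows 5 insertions and 5 deletions across both files), so no test covers the case this commit is about: a marker left by a different firewall. Without one, reverting the guard to a truthiness check would leave the suite green. A negative test next to testOnKernelResponseListenerRemovesItself() that sets a foreign key and asserts the session stays untouched would pin the behaviour. The sketch below reuses only constructors visible in these hunks, and `_security_other` is a constructed value.

```php
public function testOnKernelResponseIgnoresOtherFirewallMarker()
{
    $tokenStorage = new TokenStorage();
    $tokenStorage->setToken(new UsernamePasswordToken('test1', 'pass1', 'phpunit'));
    $session = new Session(new MockArraySessionStorage());

    $request = new Request();
    // Constructed value: marker written by a listener with a different context key.
    $request->attributes->set('_security_firewall_run', '_security_other');
    $request->setSession($session);

    $listener = new ContextListener($tokenStorage, [], 'key123');
    $listener->onKernelResponse(new ResponseEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST, new Response()));

    // Nothing may be stored under this listener's key for a request it did not handle.
    $this->assertFalse($session->has('_security_key123'));
}
```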