From 4171e0bd2259d63a6ca9391c74f650279fc5ba68 Mon Sep 17 00:00:00 2001
From: NewEraCracker <neweracracker@gmail.com>
Date: Fri, 8 Apr 2016 22:03:07 +0100
Subject: [PATCH] Better logic for session handling

It is non-sense to replace previous session module with the exact same session module... So making the original bugfix more generic
---
 session.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/session.c b/session.c
index 10c1652..0013ad4 100644
--- a/session.c
+++ b/session.c
@@ -260,13 +260,14 @@ static void suhosin_hook_session_module(TSRMLS_D)
 static PHP_INI_MH(suhosin_OnUpdateSaveHandler)
 {
     int r;
+    ps_module *original_mod = SUHOSIN_G(s_original_mod);
 
-    if (stage == PHP_INI_STAGE_RUNTIME && SESSION_G(session_status) == php_session_none && SUHOSIN_G(s_original_mod)
-        && strcmp(new_value, "user") == 0 && strcmp(((ps_module*)SUHOSIN_G(s_original_mod))->s_name, "user") == 0) {
+    /* During runtime stage, to prevent infinite loops, only update when new value is different than original */
+    if (stage == PHP_INI_STAGE_RUNTIME && original_mod && strcasecmp(original_mod->s_name, new_value) == 0) {
         return SUCCESS;
     }
 
-    SESSION_G(mod) = SUHOSIN_G(s_original_mod);
+    SESSION_G(mod) = original_mod;
 
     r = old_OnUpdateSaveHandler(entry, new_value, new_value_length, mh_arg1, mh_arg2, mh_arg3, stage TSRMLS_CC);