From 3cff986d2c42518cc8ce548212e5543dc47c2c12 Mon Sep 17 00:00:00 2001
From: Carsten Brandt <mail@cebe.cc>
Date: Fri, 6 Dec 2024 15:29:29 +0100
Subject: [PATCH] Fix #20292: yii\web\Session should not set cookie params,
 when useCookies is false

Upgrading from PHP 8.3.7 to 8.3.14 breaks yii\web\Session when used with useCookies = false.

Error: Session cookies cannot be used when session.use_cookies is disabled.
---
 framework/CHANGELOG.md    | 1 +
 framework/web/Session.php | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 600a3420746..ab80178046d 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -4,6 +4,7 @@ Yii Framework 2 Change Log
 2.0.52 under development
 ------------------------
 
+- Bug #20292: Fix `\yii\web\Session` should not set cookie params, when useCookie is false (cebe)
 - Bug #20232: Fix regression introduced in `GHSA-cjcc-p67m-7qxm` while attaching behavior defined by `__class` array key (erickskrauch)
 - Bug #20231: Fix regression introduced in #20167 in `yii\validators\FileValidator` (bizley)
 - Enh #20247: Support for variadic console controller action methods (brandonkelly)
diff --git a/framework/web/Session.php b/framework/web/Session.php
index 98e80495500..0e76dffa7f4 100644
--- a/framework/web/Session.php
+++ b/framework/web/Session.php
@@ -145,7 +145,9 @@ public function open()
 
         $this->registerSessionHandler();
 
-        $this->setCookieParamsInternal();
+        if ($this->getUseCookies() !== false) {
+            $this->setCookieParamsInternal();
+        }
 
         YII_DEBUG ? session_start() : @session_start();