MAGETWO-93628: Shopping cart is emptied after reset password procedure

Author: dhorytskyi

app/code/Magento/Customer/Model/AccountManagement.php

@@ -702,7 +702,11 @@ public function resetPassword($email, $resetToken, $newPassword)
         $customerSecure->setRpTokenCreatedAt(null);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
         $this->destroyCustomerSessions($customer->getId());
-        $this->sessionManager->destroy(['send_expire_cookie' => false]);
+        if ($this->sessionManager->isSessionExists()) {
+            //delete old session and move data to the new session
+            //use this instead of $this->sessionManager->regenerateId because last one doesn't delete old session
+            session_regenerate_id(true);
+        }
         $this->customerRepository->save($customer);
 
         return true;

app/code/Magento/Customer/Test/Unit/Model/AccountManagementTest.php

@@ -1607,9 +1607,7 @@ function ($string) {
         $this->customerSecure->expects($this->once())->method('setRpTokenCreatedAt')->with(null);
         $this->customerSecure->expects($this->any())->method('setPasswordHash')->willReturn(null);
 
-        $this->sessionManager->expects($this->once())
-            ->method('destroy')
-            ->with(['send_expire_cookie' => false]);
+        $this->sessionManager->method('isSessionExists')->willReturn(false);
         $this->sessionManager->expects($this->atLeastOnce())->method('getSessionId');
         $visitor = $this->getMockBuilder(\Magento\Customer\Model\Visitor::class)
             ->disableOriginalConstructor()

lib/internal/Magento/Framework/Session/SessionManager.php

@@ -353,6 +353,7 @@ public function destroy(array $options = null)
         }
 
         session_regenerate_id(true);
+        session_destroy();
         if ($options['send_expire_cookie']) {
             $this->expireSessionCookie();
         }