Description

I am opening an issue because it hits us hard recently

We are decoupling some frontend code via multiple render esi to allow unitary http caching of partial responses
Some of our actions will be stateless by design, so we added the route config stateless on it to be sure we can add cache control on it freely
Some other actions will be stateful and we rely on normal security logic (get the user, etc)
Our front main firewall is lazy

One main template can make 10+ render_esi, and for some routes declared stateless, we had one of our internal monolog processor that crashes because it started the session to get the user via the security logic (when we wanted not to as it can be optional for us to have the user log here)

After digging, we have found this class/service security.untracked_token_storage here #33663
(as well as some reference to monolog logic in its desc)

And when we swapped our internal processor declaration, the problem disappeared

RFCs:

• symfony/symfony-docs: document such service in this particular context? were one want an "optional" user in a stateless route?
• symfony/symfony: create an OptionalTokenProcessor ? (in the monolog bridge) (we have an internal one because we dont want all the data of the bridge one)
• symfony/symfony: configure the TokenProcessor class (of the bridge) with this service?

Many thanks

Example

    CoreBundle\Component\Monolog\Processor\UserProcessor:
        arguments:
-            - '@Symfony\Bundle\SecurityBundle\Security'
+            - '@security.untracked_token_storage'

- $user = $this->security->getUser();
+ $token = $this->tokenStorage->getToken();
+ $user = $token->getUser();

 if (null !== $user) {
    $logRecord->extra ///
}

edit: For the record, we just found this very old processor does not implements the interface of monolog processor interface, thus the biding failure from security token and session logic
after reading the PR related to the original PR found and interface added + namespace swap

lets close for now