Skip to content

Sessions are always started for anonymous users, unnessesarily. #6917

New issue
New issue
Closed
Closed
Sessions are always started for anonymous users, unnessesarily.#6917
@bendavies

Description

@bendavies
bendavies
opened on Jan 30, 2013

It appears that Symfony always starts a session for anonymous users, even though it may not be required.

The offending line appears to be

symfony/src/Symfony/Component/Security/Http/Firewall/ContextListener.php

Line 125 in ef5300d

$session->remove('_security_'.$this->contextKey);

which triggers a session start.

This makes caching responses on Vary: Cookie pretty badly performing, as every new anonymous visitor is getting a new and unique php session id cookie and will result in a cache miss.

Obviously the preference would be that a session is not started for anonymous users unless absolutely necessary, thus triggering far more cache hits for Vary: Cookie response caching.

Apologies if my diagnoses or logic is completely wrong.

/ping @Drak @schmittjoh @lsmith77

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions