symfony · Tobion · May 17, 2014 · May 18, 2014 · May 18, 2014 · May 18, 2014
diff --git a/UPGRADE-2.5.md b/UPGRADE-2.5.md
@@ -1,6 +1,26 @@
 UPGRADE FROM 2.4 to 2.5
 =======================
 
+HttpFoundation
+--------------
+
+ * The PdoSessionHandler to store sessions in a database changed significantly.
+   - It now implements session locking to prevent loss of data by concurrent access to the same session.
+     - It does so using a transaction between opening and closing a session. For this reason, it's not recommended to
+       use the same database connection that you also use for your application logic. Otherwise you have to make sure
+       to access your database after the session is closed and committed. Instead of passing an existing connection
+       to the handler, you can now also pass a DSN string which will be used to lazy-connect when a session is started.
+     - Since accessing a session now blocks when the same session is still open, it is best practice to save the session
+       as soon as you don't need to write to it anymore. For example, read-only AJAX request to a session can save the
+       session immediately after opening it to increase concurrency.
+   - The expected schema of the table changed.
+     - Session data is binary text that can contain null bytes and thus should also be saved as-is in a binary column like BLOB.
+       For this reason, the handler does not base64_encode the data anymore.
+     - A new column to store the lifetime of a session is required. This allows to have different lifetimes per session
+       configured via session.gc_maxlifetime ini setting.
+     - You would need to migrate the table manually if you want to keep session information of your users.
+     - You could use PdoSessionHandler::createTable to initialize a correctly defined table depending on the used database vendor.
+
 Routing
 -------
 

diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -4,6 +4,13 @@ CHANGELOG
 2.5.0
 -----
 
+ * PdoSessionHandler changes
+   - implemented session locking to prevent loss of data by concurrent access to the same session
+   - save session data in a binary column without base64_encode
+   - added lifetime column to the session table which allows to have different lifetimes for each session
+   - implemented lazy connections that are only opened when a session is used by either passing a dsn string explicitly
+     or falling back to session.save_path ini setting
+   - added a createTable method that initializes a correctly defined table depending on the database vendor
  * added `JsonResponse::setEncodingOptions()` & `JsonResponse::getEncodingOptions()` for easier manipulation
    of the options used while encoding data to JSON format.