[HttpKernel] Dont store response cookies with HttpCache #24190
Conversation
|
TBH im just as scared of the opposite behavior really :) im not too familiar with HttpCache, so dont merge blindly. Status: Needs work |
|
How does Varnish behave here? What does the HTTP spec say about cookies? |
|
From https://varnish-cache.org/docs/5.1/users-guide/increasing-your-hitrate.html#cookies
Also think https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/HttpCache/HttpCache.php#L562 implies to preserve actually. Goal of this PR is to add a test in 3.3 for this :) |
|
Closing for now. Side effect is real; yet current behavior is the one expected IMHO. Tend to believe there be'd more issues if it was really bad :) |
Before #20569 response cookies, created using the object API, were not preserved in
ResponseHeaderBag::all(), thus not stored withHttpCache. Yet, cookies created with the string API did.That difference is now eliminated, but because of it we now always include all cookies 😅 Causing side effects here (mentioned on slack today). Sorry, i did not anticipated that.
I think the preferred behavior is to not store any cookies, as i tend to believe object api is used a lot more.
So this is a hotfix, whereas 3.4 might further discuss features about cookie policy.
Reporter notified, lets wait for confirmation a bit. But i think this should do.