[2.1][HttpFoundation] Added some basic meta-data to Session #3718
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /** | ||
| * Constructor. | ||
| * | ||
| * @param string $storageKey The key used to store flashes in the session. |
There was a problem hiding this comment.
typo here: flashes -> meta
This was referenced Mar 30, 2012
|
@fabpot I have removed [WIP] status. |
| * | ||
| * @return MetaBag | ||
| */ | ||
| public function getMeta() |
There was a problem hiding this comment.
I disagree with the naming.
- The word
metaalone makes no sense here. I guess you mean metadata. - The method is missing the
Bagsuffix to be in line withgetFlashBag
So the method name should be getMetadataBag and the class must also be renamed accordingly.
There was a problem hiding this comment.
To be honest, getFlashBag() is only named as such because it conflicts with a method kept for BC. While this is a bag, it's also not really a bag in the sense of being optional. I agree that maybe Metadata is more explicit but meta does actually mean the same thing, abstract information which is what meta-data is. I would feel more inclined to remove Bag suffix in all references to this particular bag and just call it Metadata getMetadata() etc.
added 6 commits
March 31, 2012 19:12
This commit allows applications to know certain meta-data about the session Session storage is designed to only store some data against a session ID so this method is necessary to be compatible with any session handler, including native handlers.
SessionStorageInterface Added cookie_lifetime to the meta-data. This allows to know how old a cookie is and when the cookie will expire.
…session cookie expiry-time)
…ime on migrate(). This is a very important option which allows the cookie lifetime to be changed on migrate. For example when a user converts from an anonymous session to a logged in session one might wish to change from a persistent cookie to browser session (e.g. a banking application).
|
NB: This PR has been rebased and the tests relocated as per recent master changes. |
|
|
||
| public function testInitialize() | ||
| { | ||
| $p = new \ReflectionProperty('Symfony\Component\HttpFoundation\Session\Storage\MetadataBag', 'meta'); |
There was a problem hiding this comment.
This is not used anywhere. And meta property doesn't even exist.
There was a problem hiding this comment.
$p is used a little down in lines 57 and 65. The property value change was missing when I renamed the class, it's been fixed now.
|
@fabpot - ping |
|
@Drak: again, after I merge this PR, can you make sure that everything is documented properly in the documentation? Probably within a new cookbook article. Thanks. |
fabpot
added a commit
that referenced
this pull request
Apr 3, 2012
Commits ------- 8a0e6d2 [HttpFoundation] Update changelog. 4fc04fa [HttpFoundation] Renamed MetaBag to MetadataBag 2f03b31 [HttpFoundation] Added the ability to change the session cookie lifetime on migrate(). 39141e8 [HttpFoundation] Add ability to force the lifetime (allows update of session cookie expiry-time) ec3f88f [HttpFoundation] Add methods to interface 402254c [HttpFoundation] Changed meta-data responsibility to SessionStorageInterface d9fd14f [HttpFoundation] Refactored for moved tests location. 29bd787 [HttpFoundation] Added some basic meta-data to Session Discussion ---------- [2.1][HttpFoundation] Added some basic meta-data to Session Bug fix: no Feature addition: yes Backwards compatibility break: no Symfony2 tests pass: yes References the following tickets: #2171 Todo: - Session data is stored as an encoded string against a single id. If we want to store meta-data about the session, that data has to be stored as part of the session data to ensure the meta-data can persist using any session save handler. This patch makes it much easier to determine the logic of session expiration. In general a session expiry can be dealt with by the gc handlers, however, in some applications more specific expiry rules might be required. Session expiry may also be more complex than a simple, session was idle for x seconds. For example, in Zikula there are three security settings, Low, Medium and High. The rules for session expiry are more complex as under the Medium setting, a session will expire after x minutes idle time, unless the rememberme option was ticked on login. If so, the session will not idle. This gives the user some control over their experience. Under the high security setting, then there is no option, sessions will expire after the idle time is reached and login the UI has the rememberme checkbox removed. The other advantage is that under this methodology, there can be a UI experience on expiry, like "Sorry, your session expired due to being idle for 10 minutes". Keeping in the spirit of Symfony2 Components, I am seeking to make session handling flexible enough to accommodate these general requirements without specifically covering expiration rules. It would mean that it would be up to the implementing application to specifcally check and expire session after starting it. Expiration might look something like this: $session->start(); if (time() - $session->getMetadataBag()->getLastUpdate() > $maxIdleTime) { $session->invalidate(); throw new SessionExpired(); } This commit also brings the ability to change the `cookie_lifetime` when migrating a session. This means one could move from a default of browser only session cookie to long-lived cookie when changing from a anonymous to a logged in user for example. $session->migrate($destroy, $lifetime); --------------------------------------------------------------------------- by drak at 2012-03-30T18:18:43Z @fabpot I have removed [WIP] status. --------------------------------------------------------------------------- by drak at 2012-03-31T13:34:57Z NB: This PR has been rebased and the tests relocated as per recent master changes. --------------------------------------------------------------------------- by drak at 2012-04-03T02:16:43Z @fabpot - ping
|
@fabpot This is already documented. @weaverryan merged the doc PR a few hours ago and these changes were part of it |
|
Yes, the PR was symfony/symfony-docs#1191 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
References the following tickets: #2171
Todo: -
Session data is stored as an encoded string against a single id. If we want to store meta-data about the session, that data has to be stored as part of the session data to ensure the meta-data can persist using any session save handler.
This patch makes it much easier to determine the logic of session expiration. In general a session expiry can be dealt with by the gc handlers, however, in some applications more specific expiry rules might be required.
Session expiry may also be more complex than a simple, session was idle for x seconds. For example, in Zikula there are three security settings, Low, Medium and High. The rules for session expiry are more complex as under the Medium setting, a session will expire after x minutes idle time, unless the rememberme option was ticked on login. If so, the session will not idle. This gives the user some control over their experience. Under the high security setting, then there is no option, sessions will expire after the idle time is reached and login the UI has the rememberme checkbox removed.
The other advantage is that under this methodology, there can be a UI experience on expiry, like "Sorry, your session expired due to being idle for 10 minutes".
Keeping in the spirit of Symfony2 Components, I am seeking to make session handling flexible enough to accommodate these general requirements without specifically covering expiration rules. It would mean that it would be up to the implementing application to specifcally check and expire session after starting it.
Expiration might look something like this:
This commit also brings the ability to change the
cookie_lifetimewhen migrating a session. This means one could move from a default of browser only session cookie to long-lived cookie when changing from a anonymous to a logged in user for example.