Skip to content

[FrameworkBundle] Deprecate session.storage service #40048

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Feb 14, 2021
Merged

[FrameworkBundle] Deprecate session.storage service #40048

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions UPGRADE-5.3.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ Form
FrameworkBundle
---------------

* Deprecate the `session.storage` alias and `session.storage.*` services, use the `session.storage.factory` alias and `session.storage.factory.*` services instead
* Deprecate the `framework.session.storage_id` configuration option, use the `framework.session.storage_factory_id` configuration option instead
* Deprecate the `session` service and the `SessionInterface` alias, use the `\Symfony\Component\HttpFoundation\Request::getSession()` or the new `\Symfony\Component\HttpFoundation\RequestStack::getSession()` methods instead

HttpFoundation
Expand Down
2 changes: 2 additions & 0 deletions UPGRADE-6.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,8 @@ Form
FrameworkBundle
---------------

* Remove the `session.storage` alias and `session.storage.*` services, use the `session.storage.factory` alias and `session.storage.factory.*` services instead
* Remove `framework.session.storage_id` configuration option, use the `framework.session.storage_factory_id` configuration option instead
* Remove the `session` service and the `SessionInterface` alias, use the `\Symfony\Component\HttpFoundation\Request::getSession()` or the new `\Symfony\Component\HttpFoundation\RequestStack::getSession()` methods instead
* `MicroKernelTrait::configureRoutes()` is now always called with a `RoutingConfigurator`
* The "framework.router.utf8" configuration option defaults to `true`
Expand Down
2 changes: 2 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ CHANGELOG
5.3
---

* Deprecate the `session.storage` alias and `session.storage.*` services, use the `session.storage.factory` alias and `session.storage.factory.*` services instead
* Deprecate the `framework.session.storage_id` configuration option, use the `framework.session.storage_factory_id` configuration option instead
* Deprecate the `session` service and the `SessionInterface` alias, use the `Request::getSession()` or the new `RequestStack::getSession()` methods instead
* Added `AbstractController::renderForm()` to render a form and set the appropriate HTTP status code
* Added support for configuring PHP error level to log levels
Expand Down
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ class SessionPass implements CompilerPassInterface
{
public function process(ContainerBuilder $container)
{
if (!$container->has('session.storage')) {
if (!$container->has('session.factory')) {
return;
}

Expand Down
7 changes: 7 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -600,8 +600,15 @@ private function addSessionSection(ArrayNodeDefinition $rootNode)
->arrayNode('session')
->info('session configuration')
->canBeEnabled()
->beforeNormalization()
->ifTrue(function ($v) {
return \is_array($v) && isset($v['storage_id']) && isset($v['storage_factory_id']);
})
->thenInvalid('You cannot use both "storage_id" and "storage_factory_id" at the same time under "framework.session"')
->end()
->children()
->scalarNode('storage_id')->defaultValue('session.storage.native')->end()
->scalarNode('storage_factory_id')->defaultNull()->end()
->scalarNode('handler_id')->defaultValue('session.handler.native_file')->end()
->scalarNode('name')
->validate()
Expand Down
41 changes: 33 additions & 8 deletions src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@
use Symfony\Component\HttpClient\RetryableHttpClient;
use Symfony\Component\HttpClient\ScopingHttpClient;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
use Symfony\Component\HttpKernel\CacheClearer\CacheClearerInterface;
use Symfony\Component\HttpKernel\CacheWarmer\CacheWarmerInterface;
use Symfony\Component\HttpKernel\Controller\ArgumentValueResolverInterface;
Expand Down Expand Up @@ -1028,7 +1029,20 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
$loader->load('session.php');

// session storage
$container->setAlias('session.storage', $config['storage_id']);
if (null === $config['storage_factory_id']) {
trigger_deprecation('symfony/framework-bundle', '5.3', 'Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.');
$container->setAlias('session.storage', $config['storage_id']);
$container->setAlias('session.storage.factory', 'session.storage.factory.service');
} else {
$container->setAlias('session.storage.factory', $config['storage_factory_id']);

$container->removeAlias(SessionStorageInterface::class);
$container->removeDefinition('session.storage.metadata_bag');
$container->removeDefinition('session.storage.native');
$container->removeDefinition('session.storage.php_bridge');
$container->removeAlias('session.storage.filesystem');
}

$options = ['cache_limiter' => '0'];
foreach (['name', 'cookie_lifetime', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'cookie_samesite', 'use_cookies', 'gc_maxlifetime', 'gc_probability', 'gc_divisor', 'sid_length', 'sid_bits_per_character'] as $key) {
if (isset($config[$key])) {
Expand All @@ -1037,20 +1051,31 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
}

if ('auto' === ($options['cookie_secure'] ?? null)) {
$locator = $container->getDefinition('session_listener')->getArgument(0);
$locator->setValues($locator->getValues() + [
'session_storage' => new Reference('session.storage', ContainerInterface::IGNORE_ON_INVALID_REFERENCE),
'request_stack' => new Reference('request_stack'),
]);
if (null === $config['storage_factory_id']) {
$locator = $container->getDefinition('session_listener')->getArgument(0);
$locator->setValues($locator->getValues() + [
'session_storage' => new Reference('session.storage', ContainerInterface::IGNORE_ON_INVALID_REFERENCE),
'request_stack' => new Reference('request_stack'),
]);
} else {
$container->getDefinition('session.storage.factory.native')->replaceArgument(3, true);
$container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true);
}
}

$container->setParameter('session.storage.options', $options);

// session handler (the internal callback registered with PHP session management)
if (null === $config['handler_id']) {
// Set the handler class to be null
$container->getDefinition('session.storage.native')->replaceArgument(1, null);
$container->getDefinition('session.storage.php_bridge')->replaceArgument(0, null);
if ($container->hasDefinition('session.storage.native')) {
$container->getDefinition('session.storage.native')->replaceArgument(1, null);
$container->getDefinition('session.storage.php_bridge')->replaceArgument(0, null);
} else {
$container->getDefinition('session.storage.factory.native')->replaceArgument(1, null);
$container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null);
}

$container->setAlias('session.handler', 'session.handler.native_file');
} else {
$container->resolveEnvPlaceholders($config['handler_id'], null, $usedEnvs);
Expand Down
3 changes: 1 addition & 2 deletions src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpKernel\HttpKernelBrowser;
use Symfony\Component\HttpKernel\KernelInterface;
use Symfony\Component\HttpKernel\Profiler\Profile as HttpProfile;
Expand Down Expand Up @@ -123,7 +122,7 @@ public function loginUser($user, string $firewallContext = 'main'): self

$token = new TestBrowserToken($user->getRoles(), $user);
$token->setAuthenticated(true);
$session = new Session($this->getContainer()->get('test.service_container')->get('session.storage'));
$session = $this->getContainer()->get('test.service_container')->get('session.factory')->createSession();
$session->set('_security_'.$firewallContext, serialize($token));
$session->save();

Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@

<xsd:complexType name="session">
<xsd:attribute name="enabled" type="xsd:boolean" />
<xsd:attribute name="storage-factory-id" type="xsd:string" />
<xsd:attribute name="storage-id" type="xsd:string" />
<xsd:attribute name="handler-id" type="xsd:string" />
<xsd:attribute name="name" type="xsd:string" />
Expand Down
56 changes: 53 additions & 3 deletions src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\SessionFactory;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler;
use Symfony\Component\HttpFoundation\Session\Storage\Handler\IdentityMarshaller;
Expand All @@ -25,8 +26,12 @@
use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler;
use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;
use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorage;
use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorageFactory;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory;
use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorage;
use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorageFactory;
use Symfony\Component\HttpFoundation\Session\Storage\ServiceSessionFactory;
use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
use Symfony\Component\HttpKernel\EventListener\SessionListener;

Expand All @@ -35,37 +40,80 @@

$container->services()
->set('.session.do-not-use', Session::class) // to be removed in 6.0
->factory([service('session.factory'), 'createSession'])
->set('session.factory', SessionFactory::class)
->args([
service('session.storage'),
null, // AttributeBagInterface
null, // FlashBagInterface
service('request_stack'),
service('session.storage.factory'),
[service('session_listener'), 'onSessionUsage'],
])

->set('session.storage.factory.native', NativeSessionStorageFactory::class)
->args([
param('session.storage.options'),
service('session.handler'),
inline_service(MetadataBag::class)
->args([
param('session.metadata.storage_key'),
param('session.metadata.update_threshold'),
]),
false,
])
->set('session.storage.factory.php_bridge', PhpBridgeSessionStorageFactory::class)
->args([
service('session.handler'),
inline_service(MetadataBag::class)
->args([
param('session.metadata.storage_key'),
param('session.metadata.update_threshold'),
]),
false,
])
->set('session.storage.factory.mock_file', MockFileSessionStorageFactory::class)
->args([
param('kernel.cache_dir').'/sessions',
'MOCKSESSID',
inline_service(MetadataBag::class)
->args([
param('session.metadata.storage_key'),
param('session.metadata.update_threshold'),
]),
])
->set('session.storage.factory.service', ServiceSessionFactory::class)
->args([
service('session.storage'),
])
->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native", "session.storage.factory.php_bridge" or "session.storage.factory.mock_file" instead.')

->set('.session.deprecated', SessionInterface::class) // to be removed in 6.0
->factory([inline_service(DeprecatedSessionFactory::class)->args([service('request_stack')]), 'getSession'])
->alias(SessionInterface::class, '.session.do-not-use')
->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "$requestStack->getSession()" instead.')
->alias(SessionStorageInterface::class, 'session.storage')
->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory" instead.')
->alias(\SessionHandlerInterface::class, 'session.handler')

->set('session.storage.metadata_bag', MetadataBag::class)
->args([
param('session.metadata.storage_key'),
param('session.metadata.update_threshold'),
])
->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, create your own "session.storage.factory" instead.')

->set('session.storage.native', NativeSessionStorage::class)
->args([
param('session.storage.options'),
service('session.handler'),
service('session.storage.metadata_bag'),
])
->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native" instead.')

->set('session.storage.php_bridge', PhpBridgeSessionStorage::class)
->args([
service('session.handler'),
service('session.storage.metadata_bag'),
])
->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.php_bridge" instead.')

->set('session.flash_bag', FlashBag::class)
->factory([service('.session.do-not-use'), 'getFlashBag'])
Expand All @@ -83,6 +131,7 @@
'MOCKSESSID',
service('session.storage.metadata_bag'),
])
->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.mock_file" instead.')

->set('session.handler.native_file', StrictSessionHandler::class)
->args([
Expand All @@ -108,6 +157,7 @@

// for BC
->alias('session.storage.filesystem', 'session.storage.mock_file')
->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory.mock_file" instead.')

->set('session.marshaller', IdentityMarshaller::class)

Expand Down
6 changes: 3 additions & 3 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Compiler/SessionPassTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ public function testProcess()
{
$container = new ContainerBuilder();
$container
->register('session.storage'); // marker service
->register('session.factory'); // marker service
$container
->register('.session.do-not-use');

Expand All @@ -41,7 +41,7 @@ public function testProcessUserDefinedSession()
];
$container = new ContainerBuilder();
$container
->register('session.storage'); // marker service
->register('session.factory'); // marker service
$container
->register('session')
->setArguments($arguments);
Expand Down Expand Up @@ -70,7 +70,7 @@ public function testProcessUserDefinedAlias()
];
$container = new ContainerBuilder();
$container
->register('session.storage'); // marker service
->register('session.factory'); // marker service
$container
->register('trueSession')
->setArguments($arguments);
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/ConfigurationTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -463,6 +463,7 @@ protected static function getBundleDefaultConfig()
'session' => [
'enabled' => false,
'storage_id' => 'session.storage.native',
'storage_factory_id' => null,
'handler_id' => 'session.handler.native_file',
'cookie_httponly' => true,
'cookie_samesite' => null,
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/csrf.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
'legacy_error_messages' => false,
],
'session' => [
'storage_factory_id' => 'session.storage.factory.native',
'handler_id' => null,
],
]);
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@
'utf8' => true,
],
'session' => [
'storage_id' => 'session.storage.native',
'storage_factory_id' => 'session.storage.factory.native',
'handler_id' => 'session.handler.native_file',
'name' => '_SYMFONY',
'cookie_lifetime' => 86400,
Expand Down
1 change: 1 addition & 0 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

$container->loadFromExtension('framework', [
'session' => [
'storage_factory_id' => 'session.storage.factory.native',
'handler_id' => null,
],
]);
1 change: 1 addition & 0 deletions ...dle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

$container->loadFromExtension('framework', [
'session' => [
'storage_factory_id' => 'session.storage.factory.native',
'handler_id' => null,
'cookie_secure' => 'auto',
],
Expand Down
9 changes: 9 additions & 0 deletions ...meworkBundle/Tests/DependencyInjection/Fixtures/php/session_cookie_secure_auto_legacy.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
<?php

// To be removed in Symfony 6.0
$container->loadFromExtension('framework', [
'session' => [
'handler_id' => null,
'cookie_secure' => 'auto',
],
]);
8 changes: 8 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/session_legacy.php
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
<?php

// To be removed in Symfony 6.0
$container->loadFromExtension('framework', [
'session' => [
'handler_id' => null,
],
]);
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/csrf.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,6 @@
<framework:config>
<framework:csrf-protection />
<framework:form legacy-error-messages="false" />
<framework:session />
<framework:session storage-factory-id="session.storage.factory.native" />
</framework:config>
</container>
2 changes: 1 addition & 1 deletion ...ndle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_sets_field_name.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@

<framework:config>
<framework:csrf-protection field-name="_custom" />
<framework:session />
<framework:session storage-factory-id="session.storage.factory.native" />
<framework:form legacy-error-messages="false" />
</framework:config>
</container>
2 changes: 1 addition & 1 deletion ...orkBundle/Tests/DependencyInjection/Fixtures/xml/form_csrf_under_form_sets_field_name.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,6 @@
<framework:config>
<framework:csrf-protection field-name="_custom_form" />
<framework:form legacy-error-messages="false" />
<framework:session />
<framework:session storage-factory-id="session.storage.factory.native" />
</framework:config>
</container>
2 changes: 1 addition & 1 deletion src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
<framework:ssi enabled="true" />
<framework:profiler only-exceptions="true" enabled="false" />
<framework:router resource="%kernel.project_dir%/config/routing.xml" type="xml" utf8="true" />
<framework:session gc-maxlifetime="90000" gc-probability="1" gc-divisor="108" storage-id="session.storage.native" handler-id="session.handler.native_file" name="_SYMFONY" cookie-lifetime="86400" cookie-path="/" cookie-domain="example.com" cookie-secure="true" cookie-httponly="false" use-cookies="true" save-path="/path/to/sessions" sid-length="22" sid-bits-per-character="4" />
<framework:session gc-maxlifetime="90000" gc-probability="1" gc-divisor="108" storage-factory-id="session.storage.factory.native" handler-id="session.handler.native_file" name="_SYMFONY" cookie-lifetime="86400" cookie-path="/" cookie-domain="example.com" cookie-secure="true" cookie-httponly="false" use-cookies="true" save-path="/path/to/sessions" sid-length="22" sid-bits-per-character="4" />
<framework:request>
<framework:format name="csv">
<framework:mime-type>text/csv</framework:mime-type>
Expand Down
Loading