10000 [FrameworkBundle] Deprecate `session.sid_length` and `session.sid_bit… · symfony/symfony@07f3dfe · GitHub

Commit 07f3dfe

[FrameworkBundle] Deprecate session.sid_length and session.sid_bits_per_character config options
1 parent e314213 commit 07f3dfe


11 files changed

+41
-12
lines changed


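--- a/UPGRADE-7.2.md
+++ b/UPGRADE-7.2.md
@@ -28,6 +28,12 @@ FrameworkBundle
 ---------------
 
 * [BC BREAK] The `secrets:decrypt-to-local` command terminates with a non-zero exit code when a secret could not be read
+* Deprecate `session.sid_length` and `session.sid_bits_per_character` config options
+
+HttpFoundation
+--------------
+
+* Deprecate passing `sid_bits_per_character` and `sid_length` options to `NativeSessionStorage`
 
 Messenger
 ---------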

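--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -12,6 +12,7 @@ CHANGELOG
 * Deprecate making `cache.app` adapter taggable, use the `cache.app.taggable` adapter instead
 * Enable `json_decode_detailed_errors` in the default serializer context in debug mode by default when `seld/jsonlint` is installed
 * Register `Symfony\Component\Serializer\NameConverter\SnakeCaseToCamelCaseNameConverter` as a service named `serializer.name_converter.snake_case_to_camel_case` if available
+* Deprecate `session.sid_length` and `session.sid_bits_per_character` config options
 
 7.1
 ---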

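--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -685,10 +685,12 @@ private function addSessionSection(ArrayNodeDefinition $rootNode): void
 ->integerNode('sid_length')
 ->min(22)
 ->max(256)
+->setDeprecated('symfony/framework-bundle', '7.2', 'Setting the "%path%.%node%" configuration option is deprecated. It will be removed in version 8.0. No alternative is provided as PHP 8.4 has deprecated the related option.')
 ->end()
 ->integerNode('sid_bits_per_character')
 ->min(4)
 ->max(6)
+->setDeprecated('symfony/framework-bundle', '7.2', 'Setting the "%path%.%node%" configuration option is deprecated. It will be removed in version 8.0. No alternative is provided as PHP 8.4 has deprecated the related option.')
 ->end()
 ->end()
 ->end()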
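Review bot: The message passed to both `setDeprecated()` calls says that no alternative exists, but not which session ID settings apply once the options are ignored. `sid_length` and `sid_bits_per_character` together determine session ID entropy, so an operator who tuned them needs that figure to judge the change. The `NativeSessionStorage` docblock in this same commit already states it (length 32, 4 bits per character). I would append a sentence such as `Session IDs will use a length of 32 and 4 bits per character.` to the message. Because the literal is repeated verbatim, it could also live in one local variable passed to both calls. `addSessionSection()` begins and ends outside this hunk.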

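--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -43,8 +43,6 @@
 'gc_maxlifetime' => 90000,
 'gc_divisor' => 108,
 'gc_probability' => 1,
-'sid_length' => 22,
-'sid_bits_per_character' => 4,
 'save_path' => '/path/to/sessions',
 ],
 'assets' => [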

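--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -17,7 +17,7 @@
 <framework:ssi enabled="true" />
 <framework:profiler only-exceptions="true" enabled="false" />
 <framework:router resource="%kernel.project_dir%/config/routing.xml" type="xml" utf8="true" />
-<framework:session gc-maxlifetime="90000" gc-probability="1" gc-divisor="108" storage-factory-id="session.storage.factory.native" handler-id="session.handler.native_file" name="_SYMFONY" cookie-lifetime="86400" cookie-path="/" cookie-domain="example.com" cookie-secure="true" cookie-samesite="lax" cookie-httponly="false" use-cookies="true" save-path="/path/to/sessions" sid-length="22" sid-bits-per-character="4" />
+<framework:session gc-maxlifetime="90000" gc-probability="1" gc-divisor="108" storage-factory-id="session.storage.factory.native" handler-id="session.handler.native_file" name="_SYMFONY" cookie-lifetime="86400" cookie-path="/" cookie-domain="example.com" cookie-secure="true" cookie-samesite="lax" cookie-httponly="false" use-cookies="true" save-path="/path/to/sessions" />
 <framework:request>
 <framework:format name="csv">
 <framework:mime-type>text/csv</framework:mime-type>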

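--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -36,8 +36,6 @@ framework:
 gc_probability: 1
 gc_divisor: 108
 gc_maxlifetime: 90000
-sid_length: 22
-sid_bits_per_character: 4
 save_path: /path/to/sessions
 assets:
 version: v1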

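--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
@@ -676,8 +676,6 @@ public function testSession()
 $this->assertEquals(108, $options['gc_divisor']);
 $this->assertEquals(1, $options['gc_probability']);
 $this->assertEquals(90000, $options['gc_maxlifetime']);
-$this->assertEquals(22, $options['sid_length']);
-$this->assertEquals(4, $options['sid_bits_per_character']);
 
 $this->assertEquals('/path/to/sessions', $container->getParameter('session.save_path'));
 }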

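--- a/src/Symfony/Component/HttpFoundation/CHANGELOG.md
+++ b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -6,6 +6,7 @@ CHANGELOG
 
 * Add optional `$requests` parameter to `RequestStack::__construct()`
 * Add optional `$v4Bytes` and `$v6Bytes` parameters to `IpUtils::anonymize()`
+* Deprecate passing `sid_bits_per_character` and `sid_length` options to `NativeSessionStorage`
 
 7.1
 ---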

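--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -68,8 +68,8 @@ class NativeSessionStorage implements SessionStorageInterface
 * use_cookies, "1"
 * use_only_cookies, "1"
 * use_trans_sid, "0"
-* sid_length, "32"
-* sid_bits_per_character, "5"
+* sid_length, "32" (@deprecated since Symfony 7.2, to be removed in 8.0)
+* sid_bits_per_character, "5" (@deprecated since Symfony 7.2, to be removed in 8.0)
 * trans_sid_hosts, $_SERVER['HTTP_HOST']
 * trans_sid_tags, "a=href,area=href,frame=src,form="
 */
@@ -126,8 +126,8 @@ public function start(): bool
 * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character.
 * Allowed values are integers such as:
 * - 4 for range `a-f0-9`
-* - 5 for range `a-v0-9`
-* - 6 for range `a-zA-Z0-9,-`
+* - 5 for range `a-v0-9` (@deprecated since Symfony 7.2, it will default to 4 and the option will be ignored in Symfony 8.0)
+* - 6 for range `a-zA-Z0-9,-` (@deprecated since Symfony 7.2, it will default to 4 and the option will be ignored in Symfony 8.0)
 *
 * ---------- Part 2
 *
@@ -139,6 +139,8 @@ public function start(): bool
 * - The length of Windows and Linux filenames is limited to 255 bytes. Then the max must not exceed 255.
 * - The session filename prefix is `sess_`, a 5 bytes string. Then the max must not exceed 255 - 5 = 250.
 *
+* This is @deprecated since Symfony 7.2, the sid length will default to 32 and the option will be ignored in Symfony 8.0.
+*
 * ---------- Conclusion
 *
 * The parts 1 and 2 prevent the warning below:
@@ -328,6 +330,10 @@ public function setOptions(array $options): void
 ]);
 
 foreach ($options as $key => $value) {
+if (\in_array($key, ['sid_length', 'sid_bits_per_character'], true)) {
+trigger_deprecation('symfony/http-foundation', '7.2', 'NativeSessionStorage\'s "%s" option is deprecated and will be ignored in Symfony 8.0.', $key);
+}
+
 if (isset($validOptions[$key])) {
 if ('cookie_secure' === $key && 'auto' === $value) {
 continue;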
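Review bot: In `setOptions()` the new check fires on the key alone, so passing `'sid_bits_per_character' => 4` is reported as deprecated. The docblock change in the second hunk, however, marks only the values 5 and 6 as deprecated and presents 4 as the value that remains. Either the docblock should say that the option itself is deprecated whatever its value, or the check should skip values that already equal the future fixed ones. The option also still falls through to the `isset($validOptions[$key])` branch below the notice, so it presumably keeps being applied until 8.0. A short comment such as `// still applied until 8.0; only the notice is new` would show that this is intended. `setOptions()` starts and ends outside the hunk.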

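--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpFoundation\Tests\Session\Storage;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag;
 use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeFileSessionHandler;
@@ -32,6 +33,8 @@
 */
 class NativeSessionStorageTest extends TestCase
 {
+use ExpectDeprecationTrait;
+
 private string $savePath;
 
 private $initialSessionSaveHandler;
@@ -337,4 +340,19 @@ public function testSaveHandlesNullSessionGracefully()
 
 $this->addToAssertionCount(1);
 }
+
+/**
+* @group legacy
+*/
+public function testPassingDeprecatedOptions()
+{
+$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "sid_length" option is deprecated and will be ignored in Symfony 8.0.');
+$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "sid_bits_per_character" option is deprecated and will be ignored in Symfony 8.0.');
+
+$this-> 1241 ;getStorage([
+'cookie_lifetime' => 123456,
+'sid_length' => 42,
+'sid_bits_per_character' => 6,
+]);
+}
 }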
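Review bot: `testPassingDeprecatedOptions()` asserts only that the two notices are emitted and never checks what happens to the values passed. A change that silently dropped, or silently kept, `sid_length` and `sid_bits_per_character` before 8.0 would therefore pass unnoticed. These options set the session ID length and alphabet, so I would also assert the effective setting after the call, for example `$this->assertSame('42', \ini_get('session.sid_length'));`. That assumes `getStorage()` routes the array through `setOptions()`; its definition is outside this hunk.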

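--- a/src/Symfony/Component/HttpFoundation/composer.json
+++ b/src/Symfony/Component/HttpFoundation/composer.json
@@ -18,7 +18,8 @@
 "require": {
 "php": ">=8.2",
 "symfony/polyfill-mbstring": "~1.1",
-"symfony/polyfill-php83": "^1.27"
+"symfony/polyfill-php83": "^1.27",
+"symfony/deprecation-contracts": "^2.5|^3.0"
 },
 "require-dev": {
 "doctrine/dbal": "^3.6|^4",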
