8000 [FrameworkBundle] Deprecate `session.sid_length` and `session.sid_bit… · symfony/symfony@676e275 · GitHub


Commit 676e275

[FrameworkBundle] Deprecate session.sid_length and session.sid_bits_per_character config options
1 parent c841825 commit 676e275


11 files changed

+41
-12
lines changed


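--- a/UPGRADE-7.2.md
+++ b/UPGRADE-7.2.md
@@ -22,6 +22,12 @@ FrameworkBundle
 ---------------
 
 * [BC BREAK] The `secrets:decrypt-to-local` command terminates with a non-zero exit code when a secret could not be read
+* Deprecate `session.sid_length` and `session.sid_bits_per_character` config options
+
+HttpFoundation
+--------------
+
+* Deprecate passing `session.sid_bits_per_character` and `session.sid_length` options to `NativeSessionStorage`
 
 Security
 --------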

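--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -9,6 +9,7 @@ CHANGELOG
 * Make the `config/` directory optional in `MicroKernelTrait`, add support for service arguments in the
 invokable Kernel class, and register `FrameworkBundle` by default when the `bundles.php` file is missing
 * [BC BREAK] The `secrets:decrypt-to-local` command terminates with a non-zero exit code when a secret could not be read
+* Deprecate `session.sid_length` and `session.sid_bits_per_character` config options
 
 7.1
 ---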

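--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -685,10 +685,12 @@ private function addSessionSection(ArrayNodeDefinition $rootNode): void
 ->integerNode('sid_length')
 ->min(22)
 ->max(256)
+->setDeprecated('symfony/framework-bundle', '7.2', 'Setting the "%path%.%node%" configuration option is deprecated. It will be removed in version 8.0.')
 ->end()
 ->integerNode('sid_bits_per_character')
 ->min(4)
 ->max(6)
+->setDeprecated('symfony/framework-bundle', '7.2', 'Setting the "%path%.%node%" configuration option is deprecated. It will be removed in version 8.0.')
 ->end()
 ->end()
 ->end()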
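Review bot: The two `setDeprecated()` messages added under `sid_length` and `sid_bits_per_character` say the option will be removed but not which session ID format applies afterwards, which is what an operator who tuned these values for longer identifiers needs to know. The `NativeSessionStorage` docblock changed in this same commit states that only a length of 32 and 5 bits per character will be allowed in 8.0, so the message could end with a sentence such as `In 8.0 the session ID length is fixed at 32.` (and the bits-per-character equivalent on the second node). The `trigger_deprecation()` text added in `NativeSessionStorage::setOptions()` has the same gap. `addSessionSection()` starts and ends outside the hunk.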

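--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -43,8 +43,6 @@
 'gc_maxlifetime' => 90000,
 'gc_divisor' => 108,
 'gc_probability' => 1,
-'sid_length' => 22,
-'sid_bits_per_character' => 4,
 'save_path' => '/path/to/sessions',
 ],
 'assets' => [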

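--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -17,7 +17,7 @@
 <framework:ssi enabled="true" />
 <framework:profiler only-exceptions="true" enabled="false" />
 <framework:router resource="%kernel.project_dir%/config/routing.xml" type="xml" utf8="true" />
-<framework:session gc-maxlifetime="90000" gc-probability="1" gc-divisor="108" storage-factory-id="session.storage.factory.native" handler-id="session.handler.native_file" name="_SYMFONY" cookie-lifetime="86400" cookie-path="/" cookie-domain="example.com" cookie-secure="true" cookie-samesite="lax" cookie-httponly="false" use-cookies="true" save-path="/path/to/sessions" sid-length="22" sid-bits-per-character="4" />
+<framework:session gc-maxlifetime="90000" gc-probability="1" gc-divisor="108" storage-factory-id="session.storage.factory.native" handler-id="session.handler.native_file" name="_SYMFONY" cookie-lifetime="86400" cookie-path="/" cookie-domain="example.com" cookie-secure="true" cookie-samesite="lax" cookie-httponly="false" use-cookies="true" save-path="/path/to/sessions" />
 <framework:request>
 <framework:format name="csv">
 <framework:mime-type>text/csv</framework:mime-type>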

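--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -36,8 +36,6 @@ framework:
 gc_probability: 1
 gc_divisor: 108
 gc_maxlifetime: 90000
-sid_length: 22
-sid_bits_per_character: 4
 save_path: /path/to/sessions
 assets:
 version: v1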

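--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
@@ -673,8 +673,6 @@ public function testSession()
 $this->assertEquals(108, $options['gc_divisor']);
 $this->assertEquals(1, $options['gc_probability']);
 $this->assertEquals(90000, $options['gc_maxlifetime']);
-$this->assertEquals(22, $options['sid_length']);
-$this->assertEquals(4, $options['sid_bits_per_character']);
 
 $this->assertEquals('/path/to/sessions', $container->getParameter('session.save_path'));
 }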

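--- a/src/Symfony/Component/HttpFoundation/CHANGELOG.md
+++ b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 ---
 
 * Add optional `$requests` argument to `RequestStack::__construct()`
+* Deprecate passing `session.sid_bits_per_character` and `session.sid_length` options to `NativeSessionStorage`
 
 7.1
 ---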

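--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -68,8 +68,8 @@ class NativeSessionStorage implements SessionStorageInterface
 * use_cookies, "1"
 * use_only_cookies, "1"
 * use_trans_sid, "0"
-* sid_length, "32"
-* sid_bits_per_character, "5"
+* sid_length, "32" (@deprecated since Symfony 7.2, to be removed in 8.0)
+* sid_bits_per_character, "5" (@deprecated since Symfony 7.2, to be removed in 8.0)
 * trans_sid_hosts, $_SERVER['HTTP_HOST']
 * trans_sid_tags, "a=href,area=href,frame=src,form="
 */
@@ -125,9 +125,9 @@ public function start(): bool
 * The part `[a-zA-Z0-9,-]` is related to the PHP ini directive `session.sid_bits_per_character` defined as 6.
 * See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character.
 * Allowed values are integers such as:
-* - 4 for range `a-f0-9`
+* - 4 for range `a-f0-9` (@deprecated since Symfony 7.2, only 5 bits per character will be allowed in Symfony 8.0)
 * - 5 for range `a-v0-9`
-* - 6 for range `a-zA-Z0-9,-`
+* - 6 for range `a-zA-Z0-9,-` (@deprecated since Symfony 7.2, only 5 bits per character will be allowed in Symfony 8.0)
 *
 * ---------- Part 2
 *
@@ -139,6 +139,8 @@ public function start(): bool
 * - The length of Windows and Linux filenames is limited to 255 bytes. Then the max must not exceed 255.
 * - The session filename prefix is `sess_`, a 5 bytes string. Then the max must not exceed 255 - 5 = 250.
 *
+* This is @deprecated since Symfony 7.2 and only sid length of 32 will be allowed in Symfony 8.0.
+*
 * ---------- Conclusion
 *
 * The parts 1 and 2 prevent the warning below:
@@ -328,6 +330,10 @@ public function setOptions(array $options): void
 ]);
 
 foreach ($options as $key => $value) {
+if (\in_array($key, ['sid_length', 'sid_bits_per_character'], true)) {
+trigger_deprecation('symfony/http-foundation', '7.2', 'The "%s" option is deprecated and won\'t be a valid option in Symfony 8.0.', $key);
+}
+
 if (isset($validOptions[$key])) {
 if ('cookie_secure' === $key && 'auto' === $value) {
 continue;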
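Review bot: The new check at the top of the `foreach` in `setOptions()` has no comment saying why these two keys are singled out, and the key list is an inline literal rebuilt on every iteration. A one-line comment above the `if`, for example `// Deprecated since 7.2: in 8.0 the session ID is fixed at 32 characters with 5 bits per character`, would tie it to the `start()` docblock changed in this same commit, and hoisting the list into a private constant would keep the names in one place. The deprecated keys still fall through to the `isset($validOptions[$key])` branch, so the values presumably keep being applied during 7.x; that is worth stating in the comment as well. The body of `setOptions()` starts and ends outside the hunk.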

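--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpFoundation\Tests\Session\Storage;
 
 use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag;
 use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeFileSessionHandler;
@@ -32,6 +33,8 @@
 */
 class NativeSessionStorageTest extends TestCase
 {
+use ExpectDeprecationTrait;
+
 private string $savePath;
 
 private $initialSessionSaveHandler;
@@ -337,4 +340,19 @@ public function testSaveHandlesNullSessionGracefully()
 
 $this->addToAssertionCount(1);
 }
+
+/**
+* @group legacy
+*/
+public function testPassingDeprecatedOptions()
+{
+$this->expectDeprecation('Since symfony/http-foundation 7.2: The "sid_length" option is deprecated and won\'t be a valid option in Symfony 8.0.');
+$this->expectDeprecation('Since symfony/http-foundation 7.2: The "sid_bits_per_character" option is deprecated and won\'t be a valid option in Symfony 8.0.');
+
+$this->getStorage([
+'cookie_lifetime' => 123456,
+'sid_length' => 42,
+'sid_bits_per_character' => 6,
+]);
+}
 }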
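Review bot: `testPassingDeprecatedOptions()` only checks that the two notices are emitted; it does not check that `sid_length` and `sid_bits_per_character` are still applied while they are merely deprecated, so a change that silently drops them during 7.x would pass. Assuming `setOptions()` still forwards them to the ini settings (that code is outside this commit's hunks), an assertion such as `$this->assertEquals(42, \ini_get('session.sid_length'));` after the `getStorage()` call would pin that. The test also leaves non-default session ID settings in place for later tests unless the class's teardown, which is not visible here, resets them.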

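--- a/src/Symfony/Component/HttpFoundation/composer.json
+++ b/src/Symfony/Component/HttpFoundation/composer.json
@@ -18,7 +18,8 @@
 "require": {
 "php": ">=8.2",
 "symfony/polyfill-mbstring": "~1.1",
-"symfony/polyfill-php83": "^1.27"
+"symfony/polyfill-php83": "^1.27",
+"symfony/deprecation-contracts": "^2.5|^3.0"
 },
 "require-dev": {
 "doctrine/dbal": "^3.6|^4",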
