[WIP][HttpFoundation][Sessions] NativeFileSession won't override the php.ini settings anymore #5266
Conversation
| @@ -33,6 +33,13 @@ class NativeFileSessionHandler extends NativeSessionHandler | |||
| */ | |||
| public function __construct($savePath = null) | |||
| { | |||
| // We don't want to override the server settings in case the server is configured to handle sessions | |||
| // in something else that files. This makes it easy to configure servers to have sessions stored in | |||
There was a problem hiding this comment.
Thanks, fixed that.
|
But the point here is if you are using NativeSessionFileHandler then you are commanding Symfony to use native files, so this PR would completely break when you want to command use of native file... This is actually why there were other native drivers (sadly those were removed). If you want to preserve the actual save_handler as set in php.ini, then you should pass |
|
@Drak thanks for your reply. To better explain the situation: The application I've developed has been on master ever since February with somewhat regular updates. I haven't done any other profiling and benchmarks so far because we've focused on the development of other features. I know about the removal of the other NativeSessionsStorage drivers, which is a pity, but I've understood the reasons for removal. But now the problem we're faced is like this: we want to use memcached as session server. If we don't write any code for it then it should be the fastest/reliable way to implement it as we control the web servers. If we need to write code for this then it means we need to test it and so on. Out of the box, we've expected that native NativeFileSessionHandler would just mean that we can implement whatever we want in php.ini and it would just use that. We plan to study Redis for example at some point and switching the drivers would just mean more tests. So this kinda came as a surprise when we've seen that files are being written instead of using what we've did in php.ini. Maybe a solution would be to implement a NativePHPSettingsHandler and ship it with Symfony2 but imho if you look at the configuration of Symfony2 Standard, you wouldn't expect that the sessions are not obeying the rules of php.ini. Or maybe we can implement an option called obey_ini_settings or something that can be used instead to signal what Symfony should do. Yet another thing that we might just as well change would be to change the sessions storage path to have it under app/sessions/[SF2_ENV]/ as it seems there's a lot of people clearing their cache and just forgetting/not knowing that the sessions folder is in their cache folder. What do you think about these? |
|
Moved over #5267 |
No, it is as the name says - native file session handler :-)
As I said before if you want to leave the save handlers as specified in php.ini (which is a mistake imo), then simply pass As a matter of principal, an application's configuration be explicit and not make assumptions about the environment it's deployed in. You might have an exception for this, but as a general rule, the application should behave the same way on server 1 or server 2 because it makes the application robust and saves some poor admin time scratching their head as to why server 1 works, and server 2's deployment doesn't.
This is why we had the
This is already configurable, the default folder is sensible for most purposes. Especially when testing or re-deploying clearing out sessions may make very good sense. |
Bug fix: yes - but in the 2.1 branch
Feature addition: no
Backwards compatibility break: not sure
Symfony2 tests pass:
Fixes the following tickets: ~
Todo: ~
License of the code: MIT
Documentation PR: ~
Today I've noticed that the sessions are stored in files even if the configuration of the PHP server was to use the memcached driver to do so.
After a bit of digging I've noticed that the native storage solution Symfony2.1 comes with will override the server settings in the PHP.ini which is very bad as this is not the expected default behavior.
I think this should be solved before releasing 2.1 as the changes for the session subsystem are already major.
One other thing to add to this would be to force the sessions to be stored in files regardless of the settings in php.ini but for that I think we need to use a configuration option. If you think that it would be better to solve the problem that way then I'll gladly do it.
cc @fabpot @Drak