Added config to force Symfony use native session handler by default #606
Conversation
|
It is expected, Symfony recommends to set the session handler explicitly in its framework bundle configuration instead of relying on ini settings. This makes sure the application behaves the same no matter on which environment it is deployed to. |
|
@bamarni Actually, that's the contrary ;) I tend to agree with @pulzarraider here. What do you think @Drak? |
|
Looking at this the problem is because there is no explicit But either way, a value should be set explicitly for I personally would have it as since it's not good to rely on global set default, that leads to more wtfs than anything else. But anyway +1 for having something set explicitly. |
Added comment for handler_id
|
@Drak @fabpot @bamarni Thanks for your opinions I have added comment to make the configuration more clear. My opinion is that application should use default session handler set in php.ini. Session handler from php.ini is |
… by default (pulzarraider) This PR was submitted for the master branch but it was merged into the 2.4 branch instead (closes #606). Discussion ---------- Added config to force Symfony use native session handler by default As far as I know Symfony is using NativeFileSessionHandler to save session data to file. This breaks server configuration, because if php is configured to use Memcache or Redis session handler, symfony stores session data to file in app/cache directory and ignores default php session settings. Correct me if I am wrong, but Symfony should use native session handler that is configured in php ini settings by default (to create less WTFs). Commits ------- 89f82c8 Added config to force Symfony to use native session handler by default
|
Is symfony cookbook about symfony/symfony or the standard edition? If it's the latter, the following cookbook entry will be obsolete as of 2.4 : http://symfony.com/doc/current/cookbook/session/sessions_directory.html |
|
@fabpot : any thought on this? Can it either be backported to 2.3 or postponed to 3.0 so that there is a consistent documentation about it across all ~2.3 versions? |
|
@fabpot there is now an unfortunate side-effect in that clearing the cache will no longer clear out the session which may be stored in a variety of locations. Upon re-reading the original text of the ticket, it's wrong to say it "breaks" anything when you need to configure the save_path correctly for the different drivers. That is a bug in the configuration default handling which defaults to a file path if they key is not defined in the What should have happened was to add a key to the Either that or some kind of intelligent hander_id aware configuration (which is probably difficult to do). |
|
Something like this making it clear there is more to configure if you change the handler. The patch that was applied here doesn't actually solve the core issue of someone changing the The knock-on effect now is that file based sessions are not cleared when you clear the cache dir and are in fact "somewhere else". It's more messy rather than clearer. I get that one may be deploying a single app on a dedicated server/vm instance and and thus using global php settings can be ok, but it is still a bad idea to rely on as I have discussed before and increases the chances of wtf moments because configuration is no longer self contained, but spread over several places outside the application. |
As far as I know Symfony is using NativeFileSessionHandler to save session data to file. This breaks server configuration, because if php is configured to use Memcache or Redis session handler, symfony stores session data to file in app/cache directory and ignores default php session settings.
Correct me if I am wrong, but Symfony should use native session handler that is configured in php ini settings by default (to create less WTFs).