[RTM] Do not make the response private when saving the session #1388
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
leofeyer
changed the title
9 tasks
leofeyer
changed the title
leofeyer
changed the title
Toflar
suggested changes
Mar 1, 2018
| use Symfony\Component\HttpKernel\EventListener\SessionListener as BaseSessionListener; | ||
|
|
||
| /** | ||
| * Decorates the default session listener. |
There was a problem hiding this comment.
There's no explanation why this listener is present, what it does and when it will be removed again. I think that should be added because it's important information (it should also go into the PR description).
Toflar
approved these changes
Mar 1, 2018
Toflar
reviewed
Mar 23, 2018
| return; | ||
| } | ||
|
|
||
| $session = $event->getRequest()->getSession(); |
There was a problem hiding this comment.
@leofeyer There's an issue here. Either we have to call $this->inner->onKernelResponse($event); at the end of the method again or we can leave out the whole save() part here because we're overriding the method.
There was a problem hiding this comment.
No, we must not call $this->inner->onKernelResponse($event) here otherwise we have the same problem (private response) again. And saving is required to be forward compatible with Symfony 4.1.
There was a problem hiding this comment.
This does not make sense to me. If you do not forward to the decorated service, why do you call save() then?
There was a problem hiding this comment.
So the follow up listener, which checks $session->isStarted(), is not run.
There was a problem hiding this comment.
Which follow up listener? I think you confuse stuff here. The one that checks for this is the one you decorate, no?
There was a problem hiding this comment.
I'm not confusing anything. We have carefully analyzed the program flow and set up the existing solution during the developer's meeting. Which issues does it cause for you?
symfony-splitter
pushed a commit
to symfony/http-kernel
that referenced
this pull request
Mar 30, 2018
…rivate automatically (Toflar) This PR was squashed before being merged into the 4.1-dev branch (closes #26681). Discussion ---------- Allow to easily ask Symfony not to set a response to private automatically | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | This PR is related to the many discussions going on about the latest (Symfony 3.4+) changes regarding the way Symfony handles the session. I think we're almost there now, Symfony 4.1 automatically turns responses into `private` responses once the session is started and it's all done in the `AbstractSessionListener` where the session is also saved. In other issues/PRs (symfony/symfony#25583, symfony/symfony#25699, symfony/symfony#24988) it was agreed that setting the response to `private` if the session is started is a good default for Symfony. It was also agreed that setting it to `private` does not always make sense because you **can share a response** across sessions, it just requires a more complex caching setup with shared user context etc. So there must be an easy way to disable this behaviour. Right now it's very hard to do so because what you end up doing is basically decorating the `session_listener` which is very hard because you have to keep track on that over different Symfony versions as the base listener might get additional features etc. The [FOSCacheBundle](FriendsOfSymfony/FOSHttpCacheBundle#438) is already having this problem, [Contao](contao/core-bundle#1388) has the same issue and there will be probably more. Basically everyone that wants to share a response cache across the session will have to decorate the default listener. That's just too hard, so I came up with this solution. The header is easy. Every project can add that easily. It does not require any extension, configuration or adjustment of any service. It's clean, transparent and has absolutely no impact on "default" Symfony setups. Would be happy to have some feedback before 4.1 freeze. Commits ------- 0f36710 Allow to easily ask Symfony not to set a response to private automatically
fabpot
added a commit
to symfony/symfony
that referenced
this pull request
Mar 30, 2018
…rivate automatically (Toflar) This PR was squashed before being merged into the 4.1-dev branch (closes #26681). Discussion ---------- Allow to easily ask Symfony not to set a response to private automatically | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | | License | MIT | Doc PR | This PR is related to the many discussions going on about the latest (Symfony 3.4+) changes regarding the way Symfony handles the session. I think we're almost there now, Symfony 4.1 automatically turns responses into `private` responses once the session is started and it's all done in the `AbstractSessionListener` where the session is also saved. In other issues/PRs (#25583, #25699, #24988) it was agreed that setting the response to `private` if the session is started is a good default for Symfony. It was also agreed that setting it to `private` does not always make sense because you **can share a response** across sessions, it just requires a more complex caching setup with shared user context etc. So there must be an easy way to disable this behaviour. Right now it's very hard to do so because what you end up doing is basically decorating the `session_listener` which is very hard because you have to keep track on that over different Symfony versions as the base listener might get additional features etc. The [FOSCacheBundle](FriendsOfSymfony/FOSHttpCacheBundle#438) is already having this problem, [Contao](contao/core-bundle#1388) has the same issue and there will be probably more. Basically everyone that wants to share a response cache across the session will have to decorate the default listener. That's just too hard, so I came up with this solution. The header is easy. Every project can add that easily. It does not require any extension, configuration or adjustment of any service. It's clean, transparent and has absolutely no impact on "default" Symfony setups. Would be happy to have some feedback before 4.1 freeze. Commits ------- 0f36710 Allow to easily ask Symfony not to set a response to private automatically
leofeyer
pushed a commit
that referenced
this pull request
Mar 3, 2020
Description ----------- Fixes #1388. Commits ------- 49bf3a28 Update preview_toolbar_base.html.twig b7a8e8f6 Update default.xlf 3710cd16 Use trans_default_domain
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR fixes #1283.
Symfony has recently changed their session listener to always make the response private if the session has been started. Although we agree with the change, it renders the HTTP cache unusable, because Contao always starts a session (e.g. to store the user's language). This PR decorates the Symfony session listener and circumvents Symfony's changes by not making the response private if the request is a Contao front end request.
Of course, our long term goal should be to adjust Contao so it only starts a session if it really has to.