New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make Session caches persistent by default. #1390

Closed
albe opened this Issue Sep 6, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@albe
Copy link
Member

albe commented Sep 6, 2018

They are a prime target for persistent caching, because sessions normally shouldn't get deleted with general cache flushing.

See neos/neos-development-collection#2175

@albe

This comment has been minimized.

Copy link
Member

albe commented Nov 15, 2018

I don't see any obvious issues with going that route, other than the upgrade causing a logout for everyone - which is the case anyway when doing a proper deployment. Anything I'm missing?

@kitsunet

This comment has been minimized.

Copy link
Member

kitsunet commented Nov 15, 2018

The original reason NOT to do this was that the session contains serialized PHP objects, that would explode badly if those objects/properties change and the session is unserialized after. That problem still exists and IMHO it's a danger. I am open to still change it and people with this problem then need to flush the sessions as needed. Maybe we can at some point look into not serializing but just storing data and reinstancing stuff...

@albe

This comment has been minimized.

Copy link
Member

albe commented Nov 15, 2018

the session contains serialized PHP objects, that would explode badly if those objects/properties change and the session is unserialized after.

Indeed. That is a potential issue. But that is mostly an application/domain issue, no? ALAS, if the application stores a Foo object in session (@scope session or directly), then changes the structure of this object (or god forbid, renames it), it needs to handle the deserialization issue it will face somehow. Currently ofc, due to the PHP serialization semantics, this means it can mostly only destroy the sessions. So maybe we could provide a special CLI command for exactly this: ./flow flow:sessions:destroyAll, which would basically be an alias for ./flow flow:cache:flushOne Flow_Session_Storage && ./flow flow:cache:flushOne Flow_Session_MetaData.

If we had a proper serializer/object hydrator in place, we could make the behaviour more lenient/configurable (i.e. how to handle missing/success properties). Feature Request? 😆

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment