Permalink
Browse files

minor #4964 link to the cookbook article on avoiding to start a sessi…

…on (dbu)

This PR was merged into the 2.3 branch.

Discussion
----------

link to the cookbook article on avoiding to start a session

resolve the todo now that #4661 is merged

Commits
-------

e66aac7 link to the cookbook article on avoiding to start a session
  • Loading branch information...
wouterj committed Feb 14, 2015
2 parents 6d65564 + e66aac7 commit 0adb6f6a62625c9875be57d102c814721c5b83c8
Showing with 4 additions and 5 deletions.
  1. +4 −5 cookbook/cache/varnish.rst
@@ -72,11 +72,10 @@ If you know for sure that the backend never uses sessions or basic
authentication, have varnish remove the corresponding header from requests to
prevent clients from bypassing the cache. In practice, you will need sessions
at least for some parts of the site, e.g. when using forms with
:ref:`CSRF Protection <forms-csrf>`. In this situation, make sure to only
start a session when actually needed, and clear the session when it is no
longer needed. Alternatively, you can look into :doc:`../cache/form_csrf_caching`.
.. todo link "only start a session when actually needed" to cookbook/session/avoid_session_start once https://github.com/symfony/symfony-docs/pull/4661 is merged
:ref:`CSRF Protection <forms-csrf>`. In this situation, make sure to
:doc:`only start a session when actually needed </cookbook/session/avoid_session_start>`
and clear the session when it is no longer needed. Alternatively, you can look
into :doc:`/cookbook/cache/form_csrf_caching`.
Cookies created in Javascript and used only in the frontend, e.g. when using
Google analytics are nonetheless sent to the server. These cookies are not

0 comments on commit 0adb6f6

Please sign in to comment.