[FrameworkBundle] Add sid_length and sid_bits_per_character session ini options in configuration

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #29830
| License       | MIT
| Doc PR        | n/a

This is a fix for issue #29830.

After deliberation, we estimate that only the `sid_length` and `sid_bits_per_character` session options should be exposed. These options are optional.

For others, we recommend changing your php.ini file.

We can now configure the session like this:

```yaml
framework:
  session:
    sid_length: 64 # optional, recommended value is 32
    sid_bits_per_character: 6 # optional, recommended value is 5
```
Anthony MARTIN committed Feb 7, 2019
1 parent a6a1be8 commit 23888fa
Showing 3 changed files with 37 additions and 1 deletion.
2 changes: 2 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
Expand Up @@ -12,6 +12,8 @@ CHANGELOG
PHP's native `serialize()` and `unserialize()` functions. To use the
original serialization method, set the `framework.messenger.serializer.id`
config option to `messenger.transport.symfony_serializer`.
* Added php ini session options `sid_length` and `sid_bits_per_character`
to the `session` section of the configuration

4.2.0
-----
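Review bot: The new CHANGELOG entry names the options without their configuration path, while the entry just above it spells out `framework.messenger.serializer.id` in full. Consider writing `framework.session.sid_length` and `framework.session.sid_bits_per_character`, and capitalising "PHP ini", so readers can find the keys without opening the configuration class.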
Expand Up @@ -509,6 +509,14 @@ private function addSessionSection(ArrayNodeDefinition $rootNode)
->defaultValue(0)
->info('seconds to wait between 2 session metadata updates')
->end()
->integerNode('sid_length')
->min(22)
->max(256)
->end()
->integerNode('sid_bits_per_character')
->min(4)
->max(6)
->end()
->end()
->end()
->end()
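Review bot: Neither `integerNode('sid_length')` nor `integerNode('sid_bits_per_character')` carries an `->info()` description, unlike the node directly above them, so the dumped configuration reference gives no explanation of either key. Suggest adding an `->info()` to each that names the PHP ini setting it maps to and the accepted range. The two bounds are also validated independently, so the weakest accepted pair, `sid_length: 22` with `sid_bits_per_character: 4`, yields 22 × 4 = 88 bits per session ID; the description is a good place to repeat the recommended values of 32 and 5 from the commit message.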
Expand Up @@ -114,13 +114,16 @@
<xsd:attribute name="cookie-domain" type="xsd:string" />
<xsd:attribute name="cookie-secure" type="cookie_secure" />
<xsd:attribute name="cookie-httponly" type="xsd:boolean" />
<xsd:attribute name="cookie-samesite" type="cookie_samesite" />
<xsd:attribute name="use-cookies" type="xsd:boolean" />
<xsd:attribute name="cache-limiter" type="xsd:string" />
<xsd:attribute name="gc-maxlifetime" type="xsd:string" />
<xsd:attribute name="gc-divisor" type="xsd:string" />
<xsd:attribute name="gc-probability" type="xsd:string" />
<xsd:attribute name="use-strict-mode" type="xsd:boolean" />
<xsd:attribute name="save-path" type="xsd:string" />
<xsd:attribute name="metadata-update-threshold" type="xsd:nonNegativeInteger" />
<xsd:attribute name="sid-length" type="sid_length" />
<xsd:attribute name="sid-bits-per-character" type="sid_bits_per_character" />
</xsd:complexType>

<xsd:complexType name="request">
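Review bot: The hunk header (`-114,13 +114,16`) counts three added lines, but the commit message and the CHANGELOG entry only describe `sid-length` and `sid-bits-per-character`. If `cookie-samesite` is the third addition, it is an unrelated schema fix and should be called out in the commit message or split into its own commit.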
Expand Down Expand Up @@ -352,6 +355,29 @@
</xsd:restriction>
</xsd:simpleType>

<xsd:simpleType name="cookie_samesite">
<xsd:restriction base="xsd:string">
<xsd:enumeration value="" />
<xsd:enumeration value="lax" />
<xsd:enumeration value="strict" />
</xsd:restriction>
</xsd:simpleType>

<xsd:simpleType name="sid_bits_per_character">
<xsd:restriction base="xsd:positiveInteger">
<xsd:enumeration value="4" />
<xsd:enumeration value="5" />
<xsd:enumeration value="6" />
</xsd:restriction>
</xsd:simpleType>

<xsd:simpleType name="sid_length">
<xsd:restriction base="xsd:positiveInteger">
<xsd:minInclusive value="22" />
<xsd:maxInclusive value="256" />
</xsd:restriction>
</xsd:simpleType>

<xsd:simpleType name="workflow_type">
<xsd:restriction base="xsd:string">
<xsd:enumeration value="state_machine" />
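Review bot: The `sid_length` range (22 to 256) and the `sid_bits_per_character` values (4, 5, 6) in these `xsd:simpleType` blocks repeat the `->min()`/`->max()` bounds from `addSessionSection()`, and none of the three changed files is a test. Suggest adding XML, YAML and PHP configuration fixtures that set both options, so the schema and the configuration tree cannot drift apart unnoticed.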