[Security] Check if firewall is stateless before checking for session/previous session #36176

koenreiniers commented Mar 23, 2020

| Q | A |
| --- | --- |
| Branch? | 4.4 |
| Bug fix? | yes |
| New feature? | no |
| Deprecations? | no |
| Tickets | - |
| License | MIT |
| Doc PR | - |

For one of our applications we had the issue that the session was always initialized, even for routes behind stateless firewalls. Using the Redis session adapter, this sometimes led to exceptions if the connection failed. This change prevents the session from being initialized in the guard authentication handler for stateless firewalls.
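
The check ordering described above, as an added example that is not code from this pull request or from Symfony. The names `LazyRequest`, `SessionMigrator` and `migrate`, the firewall names `api` and `main`, and the failing session backend are all hypothetical and constructed for illustration.

```php
<?php
// Added illustration; every class and method name here is hypothetical, not Symfony's.

// Constructed stand-in for a request whose session starts lazily on first access.
final class LazyRequest
{
    public $sessionTouched = false;
    private $backendUp;

    public function __construct(bool $backendUp)
    {
        $this->backendUp = $backendUp;
    }

    public function hasPreviousSession(): bool
    {
        $this->sessionTouched = true; // any session access opens the storage connection
        if (!$this->backendUp) {
            throw new RuntimeException('session storage unavailable');
        }
        return true;
    }
}

final class SessionMigrator
{
    private $statelessFirewalls;

    public function __construct(array $statelessFirewalls)
    {
        $this->statelessFirewalls = $statelessFirewalls;
    }

    // Returns true when session handling ran for this firewall.
    public function migrate(LazyRequest $request, string $firewall): bool
    {
        // Stateless check first: || short-circuits before the session is touched.
        if (in_array($firewall, $this->statelessFirewalls, true) || !$request->hasPreviousSession()) {
            return false;
        }
        return true; // assumed: a stateful firewall would regenerate the session id here
    }
}

$migrator = new SessionMigrator(['api']);
$down = new LazyRequest(false); // session backend unreachable
var_dump($migrator->migrate($down, 'api'));   // stateless firewall: session never consulted
var_dump($down->sessionTouched);              // shows whether the storage was reached
var_dump($migrator->migrate(new LazyRequest(true), 'main')); // stateful firewall path
```

Swapping the two operands of `||` makes the stateless call reach the unreachable backend and throw, which is the failure the description reports.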

@koenreiniers koenreiniers changed the title Check if firewall is stateless before checking for session/previous session [Security] Check if firewall is stateless before checking for session/previous session Mar 23, 2020

koenreiniers commented Mar 23, 2020

CS Check is failing, but it looks like the rule is invalid? I don't see this anywhere else in the code

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Mar 23, 2020
@nicolas-grekas nicolas-grekas changed the base branch from 4.4 to 3.4 Mar 23, 2020
@nicolas-grekas nicolas-grekas force-pushed the koenreiniers:guard-prevent-session-start-on-stateless-firewall branch from 03e572c to 9bb1230 Mar 23, 2020

nicolas-grekas commented Mar 23, 2020

Thank you @koenreiniers.

@nicolas-grekas nicolas-grekas merged commit 881fa02 into symfony:3.4 Mar 23, 2020