From 0a0bca2f504e8332438188f6b3456b0b8d7b02f5 Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Tue, 21 Nov 2017 09:33:29 -0500 Subject: [PATCH 1/2] Removing use_strict_mode docs, as this feature is deprecated in 3.4 --- reference/configuration/framework.rst | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index 04eebe78d3d..e3a3dff7358 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -70,7 +70,6 @@ Configuration * `gc_divisor`_ * `gc_probability`_ * `gc_maxlifetime`_ - * `use_strict_mode`_ * `save_path`_ * `metadata_update_threshold`_ * `assets`_ @@ -845,17 +844,6 @@ This determines the number of seconds after which data will be seen as "garbage" and potentially cleaned up. Garbage collection may occur during session start and depends on `gc_divisor`_ and `gc_probability`_. -use_strict_mode -............... - -**type**: ``boolean`` **default**: ``false`` - -This specifies whether the session module will use the strict session id mode. -If this mode is enabled, the module does not accept uninitialized session IDs. -If an uninitialized session ID is sent from browser, a new session ID is sent -to browser. Applications are protected from session fixation via session -adoption with strict mode. - save_path ......... From 3e2807014179892e4a0c976380d5ebed30158d5f Mon Sep 17 00:00:00 2001 From: Ryan Weaver Date: Tue, 21 Nov 2017 09:42:45 -0500 Subject: [PATCH 2/2] Removing limit_metadata_writes It's much less useful now, so it was just moved to the reference section --- _build/redirection_map | 5 +- reference/configuration/framework.rst | 13 +++--- session/limit_metadata_writes.rst | 66 --------------------------- 3 files changed, 10 insertions(+), 74 deletions(-) delete mode 100644 session/limit_metadata_writes.rst diff --git a/_build/redirection_map b/_build/redirection_map index ff8aaf6555f..5f39089bdbf 100644 --- a/_build/redirection_map +++ b/_build/redirection_map @@ -194,7 +194,7 @@ /cookbook/psr7 /components/psr7 /cookbook/request/index /request /cookbook/request/load_balancer_reverse_proxy /deployment/proxies -/cookbook/request/mime_type /reference/configuration/framework#formats +/cookbook/request/mime_type /reference/configuration/framework /cookbook/routing/conditions /routing/conditions /cookbook/routing/custom_route_loader /routing/custom_route_loader /cookbook/routing/debug /routing/debug @@ -244,7 +244,8 @@ /cookbook/service_container/shared /service_container/shared /cookbook/session/avoid_session_start /session/avoid_session_start /cookbook/session/index /session -/cookbook/session/limit_metadata_writes /session/limit_metadata_writes +/cookbook/session/limit_metadata_writes /reference/configuration/framework +/session/limit_metadata_writes /reference/configuration/framework /cookbook/session/locale_sticky_session /session/locale_sticky_session /cookbook/session/php_bridge /session/php_bridge /cookbook/session/proxy_examples /session/proxy_examples diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index e3a3dff7358..a6839cf1e36 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -890,18 +890,19 @@ setting the value to ``null``: ), )); +.. _reference-session-metadata-update-threshold: + metadata_update_threshold ......................... **type**: ``integer`` **default**: ``0`` -This is how many seconds to wait between two session metadata updates. It will -also prevent the session handler to write if the session has not changed. - -.. seealso:: +This is how many seconds to wait between updating/writing the session metadata. This +can be useful if, for some reason, you want to limit the frequency at which the +session persists. - You can see an example of the usage of this in - :doc:`/session/limit_metadata_writes`. +Starting in Symfony 3.4, session data is *only* written when the session data has +changed. Previously, you needed to set this option to avoid that behavior. assets ~~~~~~ diff --git a/session/limit_metadata_writes.rst b/session/limit_metadata_writes.rst deleted file mode 100644 index de28ccb52a8..00000000000 --- a/session/limit_metadata_writes.rst +++ /dev/null @@ -1,66 +0,0 @@ -.. index:: - single: Limit Metadata Writes; Session - -Limit Session Metadata Writes -============================= - -The default behavior of PHP session is to persist the session regardless of -whether the session data has changed or not. In Symfony, each time the session -is accessed, metadata is recorded (session created/last used) which can be used -to determine session age and idle time. - -If for performance reasons you wish to limit the frequency at which the session -persists, this feature can adjust the granularity of the metadata updates and -persist the session less often while still maintaining relatively accurate -metadata. If other session data is changed, the session will always persist. - -You can tell Symfony not to update the metadata "session last updated" time -until a certain amount of time has passed, by setting -``framework.session.metadata_update_threshold`` to a value in seconds greater -than zero: - -.. configuration-block:: - - .. code-block:: yaml - - framework: - session: - metadata_update_threshold: 120 - - .. code-block:: xml - - - - - - - - - - - .. code-block:: php - - $container->loadFromExtension('framework', array( - 'session' => array( - 'metadata_update_threshold' => 120, - ), - )); - -.. note:: - - PHP default's behavior is to save the session whether it has been changed or - not. When using ``framework.session.metadata_update_threshold`` Symfony - will wrap the session handler (configured at - ``framework.session.handler_id``) into the WriteCheckSessionHandler. This - will prevent any session write if the session was not modified. - -.. caution:: - - Be aware that if the session is not written at every request, it may be - garbage collected sooner than usual. This means that your users may be - logged out sooner than expected.