[FrameworkBundle] start session on flashbag injection #36063
Conversation
warslett
force-pushed
the
33084-start-session-on-flashbag-injection
branch
from
ff4754e
to
67d178e
Compare
| <service id="session.flash_bag" class="Symfony\Component\HttpFoundation\Session\Flash\FlashBag" /> | ||
| <service id="session.flash_bag" class="Symfony\Component\HttpFoundation\Session\Flash\FlashBag"> | ||
| <factory service="session" method="getFlashBag"/> | ||
| </service> | ||
| <service id="Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface" alias="session.flash_bag" /> | ||
|
|
||
| <service id="session.attribute_bag" class="Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag" /> |
There was a problem hiding this comment.
@nicolas-grekas should we also configure session.attribute_bag in the same way for consistency?
There was a problem hiding this comment.
Then on master, we could deprecate these two services.
There was a problem hiding this comment.
@warslett up to send a PR to deprecate these?
There was a problem hiding this comment.
@nicolas-grekas here: #36273 I get build failures but doesn't seem related. Are the builds on master wonky right now?
nicolas-grekas
changed the title
fabpot
force-pushed
the
33084-start-session-on-flashbag-injection
branch
from
8b5cbfd
to
e8b4d35
Compare
|
Thank you @warslett. |
|
@warslett Can you prepare a PR on master to deprecate the two services as suggested by Nicolas (I've merged 3.4 up to master)? |
|
@fabpot sure I can do that this evening. I'll use the message: "The "%service_id%" service is deprecated since Symfony 5.1" |
|
After this this bug fix new bug was created if session with namespaces was configured
|
|
@ekosogin you don't actually need the @session.flash_bag parameter on there. You should be able to do this: |
|
@fabpot I have a branch with the deprecation on master but haven't created a PR yet (sorry virus got in the way). Do we need to consider @ekosogin's problem first? It is simple enough to remove the session.flash_bag argument from his session definition but if lots of people using symfony have overridden the default session service definition and injected either of these two soon-to-be deprecated services then they might be experiencing the same problem. |
|
The problem with circular reference still present with this configuration |
|
FYI, discussions on closed PRs are like oral talks: we'll all forget about them. |
|
we have the same issue. This is the 3rd time in a year where in minor symfony version upgrade breaks something for us in sessions :/ this won't work for us anymore in 4.4.6: |
|
@nicolas-grekas looks like the ticket is about session flash bag and that' is ok to remove it from Session service definition but https://github.com/symfony/symfony/pull/36063/files#diff-1777be3d93e71a9295d7fed8ed262c3eL16 but session.attribute_bag is also removed in this PR. We rely on NamespacedAttributeBag so we store symfony session in non-root namespace. With this change on: https://github.com/symfony/symfony/blob/v4.4.6/src/Symfony/Component/Security/Http/Firewall/ContextListener.php#L119 symfony ignores our namesapce (login) and because of that can not find symfony session data |
|
Fixed in #36261 |
…hen circular refs are detected (nicolas-grekas) This PR was merged into the 3.4 branch. Discussion ---------- [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | Fix #36063 | License | MIT | Doc PR | - As introduced and reported in the linked PR. Commits ------- 35644cf [FrameworkBundle] revert to legacy wiring of the session when circular refs are detected
…services (William Arslett) This PR was squashed before being merged into the 5.1-dev branch. Discussion ---------- [FrameworkBundle] Deprecate flashbag and attributebag services | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | Related to [#10557](#10557) | Related to PR | #36063 | License | MIT FlashBag and AttributeBag are data objects and so should not be available via the service container. The preferred method for accessing these objects is via `$session->getFlashBag()` or `$session->getAttributeBag()` Commits ------- f9b52fe [FrameworkBundle] Deprecate flashbag and attributebag services
…tion (fancyweb) This PR was merged into the 3.4 branch. Discussion ---------- [FrameworkBundle] Fix session.attribute_bag service definition | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | #36465 | License | MIT | Doc PR | - It looks like in #36063, the fact the the `getAttributeBag` method is private was forgotten. It cannot be used as the factory method. I guess we can make it public. Should it maybe marked `@internal`? Commits ------- 76072c6 [FrameworkBundle] Fix session.attribute_bag service definition
- FlashBagProvider is not wired in contructor anymore because it had side effects (session was started when the container was built) - see symfony/symfony#36063
- FlashBagProvider is not wired in contructor anymore because it had side effects (session was started when the container was built) - see symfony/symfony#36063
This PR addresses an issue whereby if the FlashBag is injected into the application using the default service configuration, we cannot rely that the session has been started. This behaviour is in contradiction to the docs:
This is because symfony ensures the session has been started on calls to getFlashBag() which is normally how the flashbag will be accessed but this is not called if you inject the FlashBag directly into the container.
I have addressed this issue by changing the way the Flashbag service is built so that it uses Session as a factory service and getFlashBag as a factory method. This means that anywhere in symfony where FlashBag is injected can now rely on the fact the session is started.
I have also added a new functional test to verify this behaviour.