[Security] Fixed broken master build

[wouterj]

Q	A
Branch?	master
Bug fix?	no
New feature?	no
Deprecations?	no
Tickets	-
License	MIT
Doc PR	n/a

The build failures are caused by these lines (line 100 specically):

symfony/src/Symfony/Component/Security/Http/Firewall/ContextListener.php

Lines 97 to 108 in 2460ca5

	if (null !== $session) {
	$usageIndexValue = $session instanceof Session ? $usageIndexReference = &$session->getUsageIndex() : 0;
	$usageIndexReference = PHP_INT_MIN;
	$sessionId = $request->cookies->get($session->getName());
	$token = $session->get($this->sessionKey);
	if ($this->sessionTrackerEnabler && \in_array($sessionId, [true, $session->getId()], true)) {
	$usageIndexReference = $usageIndexValue;
	} else {
	$usageIndexReference = $usageIndexReference - PHP_INT_MIN + $usageIndexValue;
	}
	}

Since #34363, $request->cookies->get() is typehinted as string|null. On Travis with PHP=7.4, this doc typehint is transformed into PHP return type: get(): ?string.

On tests, the session cookie is set to true. See #36118 for some background on why this is necessary.

There are a couple possible solutions:

1. Update the InputBag::get() PHPdoc to use @return scalar|null
2. Use $request->cookie->all()[$session->getName()] in ContextListener
3. Allow pre-configuring the session ID in MockArraySessionStorage.

I've implemented solution (1). The method is actually using is_scalar() to check if a deprecation notice should be triggered, so it is expected to return a scalar in Symfony 6.

I've had to update the DebugClassLoader to not convert this to get(): ?scalar, as that doesn't exists in PHP. I'm not sure if my changes are correct (but they work).

[wouterj]

Hmm, seems like this very minor change introduces a new failing tests (on Travis only, but this time in all jobs, so not related to PHP return typing):

1) Symfony\Component\HttpFoundation\Tests\Session\Storage\Handler\AbstractSessionHandlerTest::testSession with data set #2 ('regenerate')
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
 read\n
 doRead: abc|i:123;\n
 read\n
+doRead: abc|i:123;\n
 \n
 write\n
 doWrite: abc|i:123;\n

/home/travis/build/symfony/symfony/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/Handler/AbstractSessionHandlerTest.php:49

Looking at the test, I can't see Request or InputBag being used, so I'm again puzzled how this change affects session management. My knowledge of sessions is 0, so I think I need a bit of guidance.

[nicolas-grekas]

I'm for using solution 2.
About the new failure, it's unrelated apparently - must be something else.

[nicolas-grekas]

I suspect the other failure to be related to the just released PHP 7.3.17, and to php/php-src@b510250 specifically.

[wouterj]

Alright, so unrelated to this PR. Travis confirms this fixes the PHP 7.4 build for Security HTTP, so ready to merge imho :)

[nicolas-grekas]

Thank you @wouterj.