symfony · nicolas-grekas · Sep 7, 2021 · Sep 6, 2021 · Sep 7, 2021 · Sep 7, 2021
diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -4,6 +4,10 @@ CHANGELOG
 6.0
 ---
 
+ * Remove the `session.storage` alias and `session.storage.*` services, use the `session.storage.factory` alias and `session.storage.factory.*` services instead
+ * Remove `framework.session.storage_id` configuration option, use the `framework.session.storage_factory_id` configuration option instead
+ * Remove the `session` service and the `SessionInterface` alias, use the `\Symfony\Component\HttpFoundation\Request::getSession()` or the new `\Symfony\Component\HttpFoundation\RequestStack::getSession()` methods instead
+ * Remove the `session.attribute_bag` service and `session.flash_bag` service
  * Remove the `lock.RESOURCE_NAME` and `lock.RESOURCE_NAME.store` services and the `lock`, `LockInterface`, `lock.store` and `PersistingStoreInterface` aliases, use `lock.RESOURCE_NAME.factory`, `lock.factory` or `LockFactory` instead
  * The `form.factory`, `form.type.file`, `translator`, `security.csrf.token_manager`, `serializer`,
    `cache_clearer`, `filesystem` and `validator` services are now private

diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php b/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
@@ -29,7 +29,6 @@
 use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\ResponseHeaderBag;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpFoundation\StreamedResponse;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
@@ -93,7 +92,6 @@ public static function getSubscribedServices(): array
             'request_stack' => '?'.RequestStack::class,
             'http_kernel' => '?'.HttpKernelInterface::class,
             'serializer' => '?'.SerializerInterface::class,
-            'session' => '?'.SessionInterface::class,
             'security.authorization_checker' => '?'.AuthorizationCheckerInterface::class,
             'twig' => '?'.Environment::class,
             'doctrine' => '?'.ManagerRegistry::class, // to be removed in 6.0

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/SessionPass.php
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -610,15 +610,8 @@ private function addSessionSection(ArrayNodeDefinition $rootNode)
                 ->arrayNode('session')
                     ->info('session configuration')
                     ->canBeEnabled()
-                    ->beforeNormalization()
-                        ->ifTrue(function ($v) {
-                            return \is_array($v) && isset($v['storage_id']) && isset($v['storage_factory_id']);
-                        })
-                        ->thenInvalid('You cannot use both "storage_id" and "storage_factory_id" at the same time under "framework.session"')
-                    ->end()
                     ->children()
-                        ->scalarNode('storage_id')->defaultValue('session.storage.native')->end()
-                        ->scalarNode('storage_factory_id')->defaultNull()->end()
+                        ->scalarNode('storage_factory_id')->defaultValue('session.storage.factory.native')->end()
                         ->scalarNode('handler_id')->defaultValue('session.handler.native_file')->end()
                         ->scalarNode('name')
                             ->validate()

diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php
@@ -73,7 +73,6 @@
 use Symfony\Component\HttpClient\RetryableHttpClient;
 use Symfony\Component\HttpClient\ScopingHttpClient;
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
 use Symfony\Component\HttpKernel\Attribute\AsController;
 use Symfony\Component\HttpKernel\CacheClearer\CacheClearerInterface;
 use Symfony\Component\HttpKernel\CacheWarmer\CacheWarmerInterface;
@@ -1057,20 +1056,7 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
         $loader->load('session.php');
 
         // session storage
-        if (null === $config['storage_factory_id']) {
-            trigger_deprecation('symfony/framework-bundle', '5.3', 'Not setting the "framework.session.storage_factory_id" configuration option is deprecated, it will default to "session.storage.factory.native" and will replace the "framework.session.storage_id" configuration option in version 6.0.');
-            $container->setAlias('session.storage', $config['storage_id']);
-            $container->setAlias('session.storage.factory', 'session.storage.factory.service');
-        } else {
-            $container->setAlias('session.storage.factory', $config['storage_factory_id']);
-
-            $container->removeAlias(SessionStorageInterface::class);
-            $container->removeDefinition('session.storage.metadata_bag');
-            $container->removeDefinition('session.storage.native');
-            $container->removeDefinition('session.storage.php_bridge');
-            $container->removeDefinition('session.storage.mock_file');
-            $container->removeAlias('session.storage.filesystem');
-        }
+        $container->setAlias('session.storage.factory', $config['storage_factory_id']);
 
         $options = ['cache_limiter' => '0'];
         foreach (['name', 'cookie_lifetime', 'cookie_path', 'cookie_domain', 'cookie_secure', 'cookie_httponly', 'cookie_samesite', 'use_cookies', 'gc_maxlifetime', 'gc_probability', 'gc_divisor', 'sid_length', 'sid_bits_per_character'] as $key) {
@@ -1080,30 +1066,17 @@ private function registerSessionConfiguration(array $config, ContainerBuilder $c
         }
 
         if ('auto' === ($options['cookie_secure'] ?? null)) {
-            if (null === $config['storage_factory_id']) {
-                $locator = $container->getDefinition('session_listener')->getArgument(0);
-                $locator->setValues($locator->getValues() + [
-                    'session_storage' => new Reference('session.storage', ContainerInterface::IGNORE_ON_INVALID_REFERENCE),
-                    'request_stack' => new Reference('request_stack'),
-                ]);
-            } else {
-                $container->getDefinition('session.storage.factory.native')->replaceArgument(3, true);
-                $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true);
-            }
+            $container->getDefinition('session.storage.factory.native')->replaceArgument(3, true);
+            $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(2, true);
         }
 
         $container->setParameter('session.storage.options', $options);
 
         // session handler (the internal callback registered with PHP session management)
         if (null === $config['handler_id']) {
             // Set the handler class to be null
-            if ($container->hasDefinition('session.storage.native')) {
-                $container->getDefinition('session.storage.native')->replaceArgument(1, null);
-                $container->getDefinition('session.storage.php_bridge')->replaceArgument(0, null);
-            } else {
-                $container->getDefinition('session.storage.factory.native')->replaceArgument(1, null);
-                $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null);
-            }
+            $container->getDefinition('session.storage.factory.native')->replaceArgument(1, null);
+            $container->getDefinition('session.storage.factory.php_bridge')->replaceArgument(0, null);
 
             $container->setAlias('session.handler', 'session.handler.native_file');
         } else {

diff --git a/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php b/src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php
@@ -20,7 +20,6 @@
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\LoggingTranslatorPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\ProfilerPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\RemoveUnusedSessionMarshallingHandlerPass;
-use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\SessionPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerRealRefPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\TestServiceContainerWeakRefPass;
 use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\UnusedTagsPass;
@@ -159,7 +158,6 @@ public function build(ContainerBuilder $container)
         $container->addCompilerPass(new RegisterReverseContainerPass(true));
         $container->addCompilerPass(new RegisterReverseContainerPass(false), PassConfig::TYPE_AFTER_REMOVING);
         $container->addCompilerPass(new RemoveUnusedSessionMarshallingHandlerPass());
-        $container->addCompilerPass(new SessionPass());
 
         if ($container->getParameter('kernel.debug')) {
             $container->addCompilerPass(new AddDebugLogProcessorPass(), PassConfig::TYPE_BEFORE_OPTIMIZATION, 2);

diff --git a/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php b/src/Symfony/Bundle/FrameworkBundle/KernelBrowser.php
@@ -127,11 +127,11 @@ public function loginUser(object $user, string $firewallContext = 'main'): self
         $container = $this->getContainer();
         $container->get('security.untracked_token_storage')->setToken($token);
 
-        if (!$container->has('session') && !$container->has('session_factory')) {
+        if (!$container->has('session.factory')) {
             return $this;
         }
 
-        $session = $container->get($container->has('session') ? 'session' : 'session_factory');
+        $session = $container->get('session.factory')->createSession();
         $session->set('_security_'.$firewallContext, serialize($token));
         $session->save();
 

diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/session.php
@@ -11,36 +11,23 @@
 
 namespace Symfony\Component\DependencyInjection\Loader\Configurator;
 
-use Symfony\Bundle\FrameworkBundle\Session\DeprecatedSessionFactory;
-use Symfony\Bundle\FrameworkBundle\Session\ServiceSessionFactory;
-use Symfony\Component\HttpFoundation\Session\Attribute\AttributeBag;
-use Symfony\Component\HttpFoundation\Session\Flash\FlashBag;
-use Symfony\Component\HttpFoundation\Session\Flash\FlashBagInterface;
-use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\HttpFoundation\Session\SessionFactory;
-use Symfony\Component\HttpFoundation\Session\SessionInterface;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\IdentityMarshaller;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\MarshallingSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\NativeFileSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\SessionHandlerFactory;
 use Symfony\Component\HttpFoundation\Session\Storage\Handler\StrictSessionHandler;
 use Symfony\Component\HttpFoundation\Session\Storage\MetadataBag;
-use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\MockFileSessionStorageFactory;
-use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorageFactory;
-use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorage;
 use Symfony\Component\HttpFoundation\Session\Storage\PhpBridgeSessionStorageFactory;
-use Symfony\Component\HttpFoundation\Session\Storage\SessionStorageInterface;
 use Symfony\Component\HttpKernel\EventListener\SessionListener;
 
 return static function (ContainerConfigurator $container) {
     $container->parameters()->set('session.metadata.storage_key', '_sf2_meta');
 
     $container->services()
-        ->set('.session.do-not-use', Session::class) // to be removed in 6.0
-            ->factory([service('session.factory'), 'createSession'])
         ->set('session.factory', SessionFactory::class)
             ->args([
                 service('request_stack'),
@@ -79,60 +66,9 @@
                         param('session.metadata.update_threshold'),
                     ]),
             ])
-        ->set('session.storage.factory.service', ServiceSessionFactory::class)
-            ->args([
-                service('session.storage'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native", "session.storage.factory.php_bridge" or "session.storage.factory.mock_file" instead.')
 
-        ->set('.session.deprecated', SessionInterface::class) // to be removed in 6.0
-            ->factory([inline_service(DeprecatedSessionFactory::class)->args([service('request_stack')]), 'getSession'])
-        ->alias(SessionInterface::class, '.session.do-not-use')
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" and "SessionInterface" aliases are deprecated, use "$requestStack->getSession()" instead.')
-        ->alias(SessionStorageInterface::class, 'session.storage')
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory" instead.')
         ->alias(\SessionHandlerInterface::class, 'session.handler')
 
-        ->set('session.storage.metadata_bag', MetadataBag::class)
-            ->args([
-                param('session.metadata.storage_key'),
-                param('session.metadata.update_threshold'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, create your own "session.storage.factory" instead.')
-
-        ->set('session.storage.native', NativeSessionStorage::class)
-            ->args([
-                param('session.storage.options'),
-                service('session.handler'),
-                service('session.storage.metadata_bag'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.native" instead.')
-
-        ->set('session.storage.php_bridge', PhpBridgeSessionStorage::class)
-            ->args([
-                service('session.handler'),
-                service('session.storage.metadata_bag'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.php_bridge" instead.')
-
-        ->set('session.flash_bag', FlashBag::class)
-            ->factory([service('.session.do-not-use'), 'getFlashBag'])
-            ->deprecate('symfony/framework-bundle', '5.1', 'The "%service_id%" service is deprecated, use "$session->getFlashBag()" instead.')
-        ->alias(FlashBagInterface::class, 'session.flash_bag')
-
-        ->set('session.attribute_bag', AttributeBag::class)
-            ->factory([service('.session.do-not-use'), 'getBag'])
-            ->args(['attributes'])
-            ->deprecate('symfony/framework-bundle', '5.1', 'The "%service_id%" service is deprecated, use "$session->getAttributeBag()" instead.')
-
-        ->set('session.storage.mock_file', MockFileSessionStorage::class)
-            ->args([
-                param('kernel.cache_dir').'/sessions',
-                'MOCKSESSID',
-                service('session.storage.metadata_bag'),
-            ])
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%service_id%" service is deprecated, use "session.storage.factory.mock_file" instead.')
-
         ->set('session.handler.native_file', StrictSessionHandler::class)
             ->args([
                 inline_service(NativeFileSessionHandler::class)
@@ -147,8 +83,6 @@
             ->args([
                 service_locator([
                     'session_factory' => service('session.factory')->ignoreOnInvalid(),
-                    'session' => service('.session.do-not-use')->ignoreOnInvalid(),
-                    'initialized_session' => service('.session.do-not-use')->ignoreOnUninitialized(),
                     'logger' => service('logger')->ignoreOnInvalid(),
                     'session_collector' => service('data_collector.request.session_collector')->ignoreOnInvalid(),
                 ]),
@@ -158,10 +92,6 @@
             ->tag('kernel.event_subscriber')
             ->tag('kernel.reset', ['method' => 'reset'])
 
-        // for BC
-        ->alias('session.storage.filesystem', 'session.storage.mock_file')
-            ->deprecate('symfony/framework-bundle', '5.3', 'The "%alias_id%" alias is deprecated, use "session.storage.factory.mock_file" instead.')
-
         ->set('session.marshaller', IdentityMarshaller::class)
 
         ->set('session.marshalling_handler', MarshallingSessionHandler::class)

diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php b/src/Symfony/Bundle/FrameworkBundle/Resources/config/test.php
@@ -38,7 +38,6 @@
         ->set('test.session.listener', SessionListener::class)
             ->args([
                 service_locator([
-                    'session' => service('.session.do-not-use')->ignoreOnInvalid(),
                     'session_factory' => service('session.factory')->ignoreOnInvalid(),
                 ]),
                 param('kernel.debug'),