symfony: "Cannot change the ID of an active session." after upgrading to 5.4
Symfony version(s) affected
5.4.0, 5.4.1
Description
We have a legacy application that we are slowly migrating to Symfony, which we did following this guide with good results since 5.0: https://symfony.com/doc/current/session/php_bridge.html
Since we upgraded to 5.4.0 from 5.3.*, we are observing a Cannot change the ID of an active session. intermitently.
How to reproduce
I’ve been able to reproduce in an isolated project: https://github.com/devnix/symfony-sessions-messed-up
master branch is running 5.4.* and branch 5.3 is showing how it works.
Possible Solution
I’ve been able to track down the code affecting the sessions this way here: https://github.com/symfony/symfony/commit/b3e4f6657c0c47e1b5ba85e4554a3c273ee61066
https://github.com/symfony/symfony/blob/v5.4.0/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L72-L87 https://github.com/symfony/symfony/blob/v5.4.0/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L136-L183
Monkey patching the class without these portions of code makes it work again.
I understand that this is a neat solution for new runtimes like Roadrunner, but it’s breaking compatibility with how sessions worked. Maybe the solution would be to be able to opt-in to this functionality? Should the documentation about migrating legacy applications be updated?
Additional Context
No response
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Reactions: 15
- Comments: 21 (9 by maintainers)
Thanks for creating such a great issue report, with a bug reproducer and insights about the possible cause of this issue!
In my case, I replaced both Files of #44634 and it worked perfectly. thx
@devnix thank you for testing it out so quickly! I will try to have a look at the other issue at the evening.