Skip to content

[HttpKernel] session.cookie settings from php.ini are not used on AbstractSessionListener #44500

@simonchrz

Description

@simonchrz

Symfony version(s) affected

5.4.0

Description

If i choose to use php.ini (or NativeSessionStorage class) to configure the session.cookie_* settings, the AbstractSessionListener doesn't use them (possibly after refactoring on #41390) as expected, but i'm forced to set them on framework.yaml configuration.
On symfony/http-kernel 5.3 this works as expected

How to reproduce

  • as an example we use session.cookie_path, but this should work for any session.cookie_* setting
  • configure session.cookie_path on your php.ini
  • do NOT configure cookie_path on your framework.yaml
  • start a session via Symfony SessionListener
  • session cookie uses symfony default setting for cookie_path (which is "/") and not (as expected) the setting from php.ini

Possible Solution

Additional Context

additionally the session.cookie_secure=auto setting doesn't work anymore as expected, because the Cookie::create expects a boolean value for $secure parameter... so now, it's always true. :-(
https://github.com/symfony/symfony/blob/5.4/src/Symfony/Component/HttpKernel/EventListener/AbstractSessionListener.php#L171

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions