I am trying to re-use the $kernel object like this:

$kernel = new AppKernel('prod', false);

$response1 = $kernel->handle($request1);
$kernel->terminate($request1, $response1);

$response2 = $kernel->handle($request2);
$kernel->terminate($request2, $response2);

This is obviously a use-case which not too many have tried, but here I am. I was surprised that most components seem to be well behaved in this regard. Currently I have only found two initializations in the security component that incorrectly add listeners.

I would like to propose two guidelines for initialization in general:

1. Initial run check should happen through checking $this->is_initialized (or whatever) instead of checking for HttpKernelInterface::MASTER_REQUEST
2. (Service) initialization should not depend on the request object

ContextListener::handle() does not comply with the first. It registers a listener on every master request causing a leak. Easy fix.

Firewall::onKernelRequest() does not with the second. It registers all applicable listeners through getListeners($event->getRequest()) on every master request causing a leak and potentially incorrect listeners from another firewall to be applied. A proper solution would require a restructure on how different firewalls exist within an application I think. I'm a bit out of my league here, but I think a general exception listener with a reference to the configuration should do it.

A different solution might consist of clearing the old listeners before registring the new, but that seems uglier to me.

What obvious things did I miss? Is everyone ok with enabling a single kernel to handle multiple requests?