Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[HttpKernel][Security] Fix accessing session for stateless request #57372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 17, 2024
Merged

[HttpKernel][Security] Fix accessing session for stateless request #57372

merged 1 commit into from
Jun 17, 2024

Conversation

VincentLanglet
Copy link
Contributor

@VincentLanglet VincentLanglet commented Jun 11, 2024
edited by OskarStark
Loading

Q A
Branch? 5.4
Bug fix? yes
New feature? no
Deprecations? no
Issues Fix #...
License MIT

I'm getting some Session was used while the request was declared stateless. warning on my project.

When throwing an error in the getSession method, I found 3 places where the getSession were used without any check about the stateless state of the request.

@VincentLanglet VincentLanglet requested a review from chalasr as a code owner June 11, 2024 15:55
@carsonbot carsonbot added this to the 5.4 milestone Jun 11, 2024
@carsonbot carsonbot changed the title Fix accessing session for stateless request. [HttpKernel][Security] Fix accessing session for stateless request. Jun 12, 2024
@OskarStark OskarStark changed the title [HttpKernel][Security] Fix accessing session for stateless request. [HttpKernel][Security] Fix accessing session for stateless request Jun 12, 2024
@VincentLanglet VincentLanglet force-pushed the fix-stateless-session branch from 7b6c48a to c195c3b Compare June 16, 2024 17:37
@VincentLanglet
Copy link
Contributor Author

Ready to review @OskarStark

94noni
94noni approved these changes Jun 17, 2024
View reviewed changes
Copy link
Contributor

@94noni 94noni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can't this check be done inside the $request 's session accessing logic ?
perhaps unrelated but I think that like this, codebase may evolve with addition of session code without this check so it will come back again no ?

@fabpot fabpot force-pushed the fix-stateless-session branch from c195c3b to 40341a1 Compare June 17, 2024 05:58
@fabpot
Copy link
Member

fabpot commented Jun 17, 2024

Thank you @VincentLanglet.

@fabpot fabpot merged commit e480b38 into symfony:5.4 Jun 17, 2024
9 of 12 checks passed
@Seb33300
Copy link
Contributor

I have a similar PR created 2 months ago: #54742

@VincentLanglet VincentLanglet mentioned this pull request Jun 23, 2024
Open
@VincentLanglet
Copy link
Contributor Author

can't this check be done inside the $request 's session accessing logic ? perhaps unrelated but I think that like this, codebase may evolve with addition of session code without this check so it will come back again no ?

I've opened a RFC about this @94noni. Feel free to comment on it #57502

@VincentLanglet VincentLanglet deleted the fix-stateless-session branch June 23, 2024 16:52
This was referenced Jun 28, 2024
Merged
Merged
Merged
Merged
@blankse blankse mentioned this pull request Jul 1, 2024
Merged
@Seb33300 Seb33300 mentioned this pull request Jul 3, 2024
Closed
@micheh micheh mentioned this pull request Jul 27, 2024
Closed
@MatTheCat MatTheCat mentioned this pull request Jul 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fabpot fabpot fabpot approved these changes

@94noni 94noni 94noni approved these changes

@xabbuh xabbuh xabbuh approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees
No one assigned
Labels
Bug HttpKernel Security Status: Reviewed
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.
7 participants
@VincentLanglet @fabpot @Seb33300 @94noni @xabbuh @OskarStark @carsonbot