diff --git a/UPGRADE-7.2.md b/UPGRADE-7.2.md
index fcfb37e982fc8..a02b6b180b4aa 100644
--- a/UPGRADE-7.2.md
+++ b/UPGRADE-7.2.md
@@ -28,11 +28,12 @@ FrameworkBundle
---------------
* [BC BREAK] The `secrets:decrypt-to-local` command terminates with a non-zero exit code when a secret could not be read
+ * Deprecate `session.sid_length` and `session.sid_bits_per_character` config options
HttpFoundation
--------------
- * Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
+ * Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts`, `trans_sid_tags`, `sid_bits_per_character` and `sid_length` options to `NativeSessionStorage`
Ldap
----
diff --git a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
index 193f4570cf92e..4d7fbaa4a2a39 100644
--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@@ -12,6 +12,7 @@ CHANGELOG
* Deprecate making `cache.app` adapter taggable, use the `cache.app.taggable` adapter instead
* Enable `json_decode_detailed_errors` in the default serializer context in debug mode by default when `seld/jsonlint` is installed
* Register `Symfony\Component\Serializer\NameConverter\SnakeCaseToCamelCaseNameConverter` as a service named `serializer.name_converter.snake_case_to_camel_case` if available
+ * Deprecate `session.sid_length` and `session.sid_bits_per_character` config options
7.1
---
diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
index 4e66371e426ad..02872f1b805bd 100644
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@@ -685,10 +685,12 @@ private function addSessionSection(ArrayNodeDefinition $rootNode): void
->integerNode('sid_length')
->min(22)
->max(256)
+ ->setDeprecated('symfony/framework-bundle', '7.2', 'Setting the "%path%.%node%" configuration option is deprecated. It will be removed in version 8.0. No alternative is provided as PHP 8.4 has deprecated the related option.')
->end()
->integerNode('sid_bits_per_character')
->min(4)
->max(6)
+ ->setDeprecated('symfony/framework-bundle', '7.2', 'Setting the "%path%.%node%" configuration option is deprecated. It will be removed in version 8.0. No alternative is provided as PHP 8.4 has deprecated the related option.')
->end()
->end()
->end()
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
index 4fbf72a9f6eea..8c97c84a5d8b7 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/full.php
@@ -43,8 +43,6 @@
'gc_maxlifetime' => 90000,
'gc_divisor' => 108,
'gc_probability' => 1,
- 'sid_length' => 22,
- 'sid_bits_per_character' => 4,
'save_path' => '/path/to/sessions',
],
'assets' => [
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
index fd5d52e1c5de5..48c5e6f6d44d1 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/full.xml
@@ -17,7 +17,7 @@
-
+
text/csv
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
index 96001f1d2dc88..69a19baa4b73b 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/full.yml
@@ -36,8 +36,6 @@ framework:
gc_probability: 1
gc_divisor: 108
gc_maxlifetime: 90000
- sid_length: 22
- sid_bits_per_character: 4
save_path: /path/to/sessions
assets:
version: v1
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
index a6da61ae37ffb..2fadb76fd2801 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTestCase.php
@@ -676,8 +676,6 @@ public function testSession()
$this->assertEquals(108, $options['gc_divisor']);
$this->assertEquals(1, $options['gc_probability']);
$this->assertEquals(90000, $options['gc_maxlifetime']);
- $this->assertEquals(22, $options['sid_length']);
- $this->assertEquals(4, $options['sid_bits_per_character']);
$this->assertEquals('/path/to/sessions', $container->getParameter('session.save_path'));
}
diff --git a/src/Symfony/Component/HttpFoundation/CHANGELOG.md b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
index 6fe867ddf87cf..6616aa0adfed3 100644
--- a/src/Symfony/Component/HttpFoundation/CHANGELOG.md
+++ b/src/Symfony/Component/HttpFoundation/CHANGELOG.md
@@ -7,7 +7,7 @@ CHANGELOG
* Add optional `$requests` parameter to `RequestStack::__construct()`
* Add optional `$v4Bytes` and `$v6Bytes` parameters to `IpUtils::anonymize()`
* Add `PRIVATE_SUBNETS` as a shortcut for private IP address ranges to `Request::setTrustedProxies()`
- * Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts` and `trans_sid_tags` options to `NativeSessionStorage`
+ * Deprecate passing `referer_check`, `use_only_cookies`, `use_trans_sid`, `trans_sid_hosts`, `trans_sid_tags`, `sid_bits_per_character` and `sid_length` options to `NativeSessionStorage`
7.1
---
diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
index 0794fd269613d..3d08f5f6d7c01 100644
--- a/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
+++ b/src/Symfony/Component/HttpFoundation/Session/Storage/NativeSessionStorage.php
@@ -68,8 +68,8 @@ class NativeSessionStorage implements SessionStorageInterface
* use_cookies, "1"
* use_only_cookies, "1" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
* use_trans_sid, "0" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
- * sid_length, "32"
- * sid_bits_per_character, "5"
+ * sid_length, "32" (@deprecated since Symfony 7.2, to be removed in 8.0)
+ * sid_bits_per_character, "5" (@deprecated since Symfony 7.2, to be removed in 8.0)
* trans_sid_hosts, $_SERVER['HTTP_HOST'] (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
* trans_sid_tags, "a=href,area=href,frame=src,form=" (deprecated since Symfony 7.2, to be removed in Symfony 8.0)
*/
@@ -126,8 +126,8 @@ public function start(): bool
* See https://www.php.net/manual/en/session.configuration.php#ini.session.sid-bits-per-character.
* Allowed values are integers such as:
* - 4 for range `a-f0-9`
- * - 5 for range `a-v0-9`
- * - 6 for range `a-zA-Z0-9,-`
+ * - 5 for range `a-v0-9` (@deprecated since Symfony 7.2, it will default to 4 and the option will be ignored in Symfony 8.0)
+ * - 6 for range `a-zA-Z0-9,-` (@deprecated since Symfony 7.2, it will default to 4 and the option will be ignored in Symfony 8.0)
*
* ---------- Part 2
*
@@ -139,6 +139,8 @@ public function start(): bool
* - The length of Windows and Linux filenames is limited to 255 bytes. Then the max must not exceed 255.
* - The session filename prefix is `sess_`, a 5 bytes string. Then the max must not exceed 255 - 5 = 250.
*
+ * This is @deprecated since Symfony 7.2, the sid length will default to 32 and the option will be ignored in Symfony 8.0.
+ *
* ---------- Conclusion
*
* The parts 1 and 2 prevent the warning below:
@@ -328,7 +330,7 @@ public function setOptions(array $options): void
]);
foreach ($options as $key => $value) {
- if (\in_array($key, ['referer_check', 'use_only_cookies', 'use_trans_sid', 'trans_sid_hosts', 'trans_sid_tags'], true)) {
+ if (\in_array($key, ['referer_check', 'use_only_cookies', 'use_trans_sid', 'trans_sid_hosts', 'trans_sid_tags', 'sid_length', 'sid_bits_per_character'], true)) {
trigger_deprecation('symfony/http-foundation', '7.2', 'NativeSessionStorage\'s "%s" option is deprecated and will be ignored in Symfony 8.0.', $key);
}
diff --git a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
index a7189a37b827f..d21ca888ce9ea 100644
--- a/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
+++ b/src/Symfony/Component/HttpFoundation/Tests/Session/Storage/NativeSessionStorageTest.php
@@ -370,6 +370,8 @@ public function testSaveHandlesNullSessionGracefully()
*/
public function testPassingDeprecatedOptions()
{
+ $this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "sid_length" option is deprecated and will be ignored in Symfony 8.0.');
+ $this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "sid_bits_per_character" option is deprecated and will be ignored in Symfony 8.0.');
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "referer_check" option is deprecated and will be ignored in Symfony 8.0.');
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "use_only_cookies" option is deprecated and will be ignored in Symfony 8.0.');
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "use_trans_sid" option is deprecated and will be ignored in Symfony 8.0.');
@@ -377,6 +379,8 @@ public function testPassingDeprecatedOptions()
$this->expectDeprecation('Since symfony/http-foundation 7.2: NativeSessionStorage\'s "trans_sid_tags" option is deprecated and will be ignored in Symfony 8.0.');
$this->getStorage([
+ 'sid_length' => 42,
+ 'sid_bits_per_character' => 6,
'referer_check' => 'foo',
'use_only_cookies' => 'foo',
'use_trans_sid' => 'foo',