[FrameworkBundle] Add sid_length and sid_bits_per_character session ini options in configuration

| Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #29830 | License | MIT | Doc PR | n/a this a fix for the issue #29830 After deliberation, we estimate that only `sid_length` and` sid_bits_per_character` session options should be exposed. These options à optional. For others, we recommend changing your php.ini file We can now configure the session like this : ```yaml framwork: session: sid_length: 64 //optional, recommended value is 32 sid_bits_per_character: 6 //optional, recommended value is 5 ```
2019-01-29 17:57:01 +01:00 · 2019-01-29 17:57:01 +01:00 · 0403e4ad67
commit 0403e4ad67
parent fd4306a3ab
3 changed files with 28 additions and 1 deletions
--- a/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
+++ b/src/Symfony/Bundle/FrameworkBundle/CHANGELOG.md
@ -13,6 +13,8 @@ CHANGELOG
   original serialization method, set the `framework.messenger.serializer.id`
   config option to `messenger.transport.symfony_serializer`.
 * Added information about deprecated aliases in `debug:autowiring` 
+ * Added php ini session options `sid_length` and `sid_bits_per_character` 
+   to the `session` section of the configuration

 4.2.0
 -----
--- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
+++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php
@ -509,6 +509,14 @@ class Configuration implements ConfigurationInterface
                            ->defaultValue(0)
                            ->info('seconds to wait between 2 session metadata updates')
                        ->end()
+                        ->integerNode('sid_length')
+                            ->min(22)
+                            ->max(256)
+                        ->end()
+                        ->integerNode('sid_bits_per_character')
+                            ->min(4)
+                            ->max(6)
+                        ->end()
                    ->end()
                ->end()
            ->end()
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@ -112,6 +112,8 @@
        <xsd:attribute name="gc-probability" type="xsd:string" />
        <xsd:attribute name="save-path" type="xsd:string" />
        <xsd:attribute name="metadata-update-threshold" type="xsd:nonNegativeInteger" />
+        <xsd:attribute name="sid-length" type="sid_length" />
+        <xsd:attribute name="sid-bits-per-character" type="sid_bits_per_character" />
    </xsd:complexType>

    <xsd:complexType name="request">
@ -343,7 +345,7 @@
        </xsd:restriction>
    </xsd:simpleType>

-     <xsd:simpleType name="cookie_samesite">
+    <xsd:simpleType name="cookie_samesite">
        <xsd:restriction base="xsd:string">
            <xsd:enumeration value="" />
            <xsd:enumeration value="lax" />
@ -351,6 +353,21 @@
        </xsd:restriction>
    </xsd:simpleType>

+    <xsd:simpleType name="sid_bits_per_character">
+        <xsd:restriction base="xsd:positiveInteger">
+            <xsd:enumeration value="4" />
+            <xsd:enumeration value="5" />
+            <xsd:enumeration value="6" />
+        </xsd:restriction>
+    </xsd:simpleType>
+
+    <xsd:simpleType name="sid_length">
+        <xsd:restriction base="xsd:positiveInteger">
+            <xsd:minInclusive value="22" />
+            <xsd:maxInclusive value="256" />
+        </xsd:restriction>
+    </xsd:simpleType>
+
    <xsd:simpleType name="workflow_type">
        <xsd:restriction base="xsd:string">
            <xsd:enumeration value="state_machine" />