Details
-
Bug
-
Resolution: Invalid
-
High
-
None
-
5.3, 5.3.1, 5.3.2
-
None
Description
In eZ Publish 5.3 some changes have been made to the session mechanism, namely:
* Session name is now always prefixed by `eZSESSID`. * `is_logged_in` cookie is not sent or used any more by Symfony stack (it is still used by legacy though). Anonymous state is now checked by the presence of a session cookie (prefixed by `eZSESSID`).
The code implementation reflects this, and in multiple places expects the session name to be prefixed this way.
However, there are multiple issues:
- The default session name for a new siteaccess is eZSESSID<siteaccess_hash>, so it won't be shared with others
- The default configuration in ezpublish.yml is 'eZSESSID' (for SAs created during setup), but this value can be modified to "whatever" (without the needed prefix)
- ezpublish.yml.example does not document this limitation, and actually uses an incorrect example:
frontend_group: # Session name will be common for all siteaccesses members of this group # It means that session will be shared for frontend siteaccesses, but not with backoffice session: name: MyFrontendSessionName
Attachments
Issue Links
- relates to
-
EZP-22045 As a developer, I want user login to be fully handled by Symfony stack
- Closed