eZ Publish / Platform / EZP-23176

Lazy sessions are not honored in 5.3

      Description

      As of 5.3 / 2014.03, sessions are supposed to be lazy again, managed by Symfony. This was made possible by having the Symfony security component handle user authentication.
      However, accessing an eZ 5.3 website (frontend) will always start a session (and send a session cookie if one does not yet exist), even for anonymous users.

      The culprit is eZ\Bundle\EzPublishLegacyBundle\LegacyMapper\Security::onKernelBuilt(). It injects any user authenticated in the Repository into the legacy kernel using eZUser::setLoggedInUser(), which triggers a session start.

      Steps to reproduce:
      > curl -I http://ezp53.local/
      
      HTTP/1.1 200 OK
      Date: Wed, 16 Jul 2014 19:04:59 GMT
      Server: Apache/2.2.22 (Ubuntu)
      X-Powered-By: PHP/5.4.30-2+deb.sury.org~__precise+1
      Set-Cookie: eZSESSID=__fdtp4lbsnd59v9rnccgs6cgnj0; path=/ 
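
A regression check for the behaviour reported above, as an added example (not code from the eZ project or the reporter): it reads response headers such as the `curl -I` output and fails when a cookieless request was handed a session cookie. The function names, the prefix match on `eZSESSID` and the sample headers are assumptions made for this example.

```shell
#!/bin/sh
# Added example: detect a session cookie issued to an anonymous request.
# SESSION_COOKIE defaults to the name seen in the report; it is matched as a
# prefix (assumption) so that suffixed session names are caught as well.
SESSION_COOKIE="${SESSION_COOKIE:-eZSESSID}"

# Read raw HTTP response headers on stdin and print the value of every
# Set-Cookie header whose cookie name starts with $SESSION_COOKIE.
# Header names are case-insensitive and lines end in CRLF, so handle both.
session_cookies() {
    tr -d '\r' | awk -v name="$SESSION_COOKIE" '
        tolower($0) ~ /^set-cookie:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)   # drop the header name
            split(v, kv, "=")             # kv[1] is the cookie name
            if (index(kv[1], name) == 1) print v
        }
    '
}

# Return 0 when the response is session-free, 1 when a session was started.
anonymous_response_is_lazy() {
    cookies=$(session_cookies)
    if [ -n "$cookies" ]; then
        printf 'session started for anonymous request: %s\n' "$cookies" >&2
        return 1
    fi
    return 0
}

# Constructed sample headers, modelled on the curl -I output in the report.
sample_eager() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nset-cookie: eZSESSID=abc123; path=/\r\n\r\n'
}
sample_lazy() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nSet-Cookie: lang=en; path=/\r\n\r\n'
}

# Live use against the host from the report:
#   curl -sI http://ezp53.local/ | anonymous_response_is_lazy
```

The request must be sent without a cookie jar, otherwise an existing session would legitimately be resumed.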
      

              People

              • Assignee: Unassigned
              • Reporter: Joao Inacio (Inactive), joao.inacio-obsolete@ez.no
                  Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 6h