eZ Publish / Platform: EZP-23176

Lazy sessions are not honored in 5.3


Details

    Description

      As of 5.3 / 2014.03, sessions are supposed to be lazy again, managed by Symfony. This was made possible by handling user authentication with the Symfony security component.
      However, accessing an eZ 5.3 website (frontend) will always start a session (and send a session cookie if one does not yet exist), even for anonymous users.

      The culprit is eZ\Bundle\EzPublishLegacyBundle\LegacyMapper\Security::onKernelBuilt(). It indeed injects any user authenticated in the Repository into the legacy kernel, using eZUser::setLoggedInUser(), which triggers session start.

      Steps to reproduce:
      > curl -I http://ezp53.local/
      
      HTTP/1.1 200 OK
      Date: Wed, 16 Jul 2014 19:04:59 GMT
      Server: Apache/2.2.22 (Ubuntu)
      X-Powered-By: PHP/5.4.30-2+deb.sury.org~__precise+1
      Set-Cookie: eZSESSID=__fdtp4lbsnd59v9rnccgs6cgnj0; path=/ 
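
A regression check for the reproduction step above, as an added example that is not part of the original report or of the eZ Publish code base: it reads response headers and fails when an anonymous, cookie-less request is answered with a session cookie. It assumes the session cookie name starts with eZSESSID, as in the response shown; the function names and both sample responses are constructed.

```shell
#!/bin/sh
# Added example: flag a session cookie issued to an anonymous (cookie-less) request.
# Assumption: the session cookie name starts with "eZSESSID", as in the report's output.
SESSION_COOKIE_PREFIX="eZSESSID"

# Read raw HTTP response headers on stdin and print the name of every cookie
# the response sets whose name starts with the session prefix.
session_cookies_set() {
    tr -d '\r' | awk -v prefix="$SESSION_COOKIE_PREFIX" '
        tolower($0) ~ /^set-cookie:/ {        # header names are case-insensitive
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)    # drop the header name
            split(line, pair, "=")            # cookie name precedes the first "="
            if (index(pair[1], prefix) == 1) print pair[1]
        }'
}

# Succeed (exit 0) when the response on stdin is lazy, i.e. sets no session cookie.
is_session_lazy() {
    [ -z "$(session_cookies_set)" ]
}

# Constructed sample modelled on the response in the report (cookie value replaced).
eager_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\nSet-Cookie: eZSESSID=constructedvalue; path=/\r\n\r\n'
}

# Constructed sample of the expected behaviour: no session cookie for an anonymous hit.
lazy_response() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\nset-cookie: lang=en; path=/\r\n\r\n'
}

# Against a live site, pipe the reproduction step in instead of a sample:
#   curl -sI http://ezp53.local/ | is_session_lazy
for sample in eager_response lazy_response; do
    if "$sample" | is_session_lazy; then
        echo "$sample: lazy, no session cookie"
    else
        echo "$sample: session started for anonymous request"
    fi
done
```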
      

          People

            Unassigned
            joao.inacio-obsolete@ez.no Joao Inacio (Inactive)

              Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 6h