  1. eZ Publish / Platform
  2. EZP-23176

Lazy sessions are not honored in 5.3


Details

    Description

      As of 5.3 / 2014.03, sessions are supposed to be lazy again, managed by Symfony. This was made possible by handling user authentication through the Symfony security component.
      However, accessing an eZ 5.3 website (frontend) will always start a session (and send a session cookie if one does not yet exist), even for anonymous users.

      The culprit is eZ\Bundle\EzPublishLegacyBundle\LegacyMapper\Security::onKernelBuilt(). It injects any user authenticated in the Repository into the legacy kernel using eZUser::setLoggedInUser(), which triggers a session start.

      Steps to reproduce:
      > curl -I http://ezp53.local/
      
      HTTP/1.1 200 OK
      Date: Wed, 16 Jul 2014 19:04:59 GMT
      Server: Apache/2.2.22 (Ubuntu)
      X-Powered-By: PHP/5.4.30-2+deb.sury.org~__precise+1
      Set-Cookie: eZSESSID=__fdtp4lbsnd59v9rnccgs6cgnj0; path=/ 
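
A regression check for the behaviour reported above, written as an added example that is not part of the original report or of the eZ Publish code base. It reads response headers from an anonymous request and fails when a cookie whose name starts with eZSESSID is set; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect a session cookie in the headers of an anonymous response.
# SESSION_PREFIX is taken from the cookie name shown in the report.
SESSION_PREFIX="eZSESSID"

# Read raw response headers on stdin and print the name of every cookie
# whose name starts with SESSION_PREFIX, one per line.
session_cookie_names() {
    tr -d '\r' | awk -v prefix="$SESSION_PREFIX" '
        tolower($0) ~ /^set-cookie:/ {       # header names are case-insensitive
            line = $0
            sub(/^[^:]*:[ \t]*/, "", line)   # drop the header name
            sub(/[=;].*$/, "", line)         # keep only the cookie name
            if (index(line, prefix) == 1) print line
        }'
}

# Return 0 when the headers on stdin start no session (lazy sessions honored),
# 1 when a session cookie was sent. Offending cookie names go to stderr.
check_lazy_session() {
    names=$(session_cookie_names)
    if [ -n "$names" ]; then
        printf 'session started for anonymous request: %s\n' "$names" >&2
        return 1
    fi
    return 0
}

# Constructed sample: headers shaped like the report, cookie value replaced.
eager_headers() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n'
    printf 'Set-Cookie: eZSESSID=CONSTRUCTED_VALUE; path=/\r\n\r\n'
}

# Constructed sample: an anonymous response that sets only an unrelated cookie.
lazy_headers() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n'
    printf 'set-cookie: lang=en; path=/\r\n\r\n'
}

# Live use, with the URL from the report:
#   curl -sI http://ezp53.local/ | check_lazy_session
```

The check must be run without sending any cookie, since a request that already carries a session cookie is expected to resume its session.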
      

            People

              Unassigned Unassigned
              joao.inacio-obsolete@ez.no Joao Inacio (Inactive)

                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0 minutes
                  Time Spent: 6 hours