Skip to content

Allow setting session lifetime from middleware before starting session #17964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
markstory merged 6 commits into from
Dec 20, 2024
Merged

Allow setting session lifetime from middleware before starting session #17964

markstory merged 6 commits into from
Dec 20, 2024

Conversation

@kolorafa
Copy link
Contributor

@kolorafa kolorafa commented Oct 11, 2024

Ability to change session lifetime in Middleware (so after already having created Session instance) but before session started (as this is used when starting a session).

The purpose is to have the session lifetime setting set in database, but fetching data from database in bootstrap have side-effects (like not showing the query in DebugKit, or having wrong db connection if it's configured by another bootstrap file (like a plugin). It is up to developer to correctly order the middlewares.

While currently the only way to change that would be to create new Session instance in middleware and replace it.

Other simpler implementation could be just putting a setter for that private value:

    public function setSessionLifetime(int $lifetime): void
    {
        if ($this->started()) {
            throw new CakeException("Can't modify session lifetime after session has already been started.");
        }

        $this->_lifetime = $lifetime;
    }

I can make different PR with only the setter if that would be preferred.

ADmad
ADmad reviewed Oct 11, 2024
View reviewed changes
src/Http/Session.php
* @return void
* @throws \Cake\Core\Exception\CakeException
*/
public function setSessionLifetime(int $lifetime): void
Copy link
Member

@ADmad ADmad Oct 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of special casing session lifetime how about we add a general setConfig() to allow changing any session config before the session is started?

Copy link
Contributor Author

@kolorafa kolorafa Oct 11, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issue would be that this config variable is only read in constructor, and also have some side-effects when setting it.

So using setConfig would not set the session.gc_maxlifetime, and adding it would also require to change the _timedOut() to read directly from config.

But yes, if the logic that is in constructor would be moved and executed when starting session ... that would make sense.

Copy link
Member

@ADmad ADmad Oct 11, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, all the code in the constructor (barring last 2 lines probably) would be moved into the new setConfig() method and then the constructor can call that method.

Copy link
Member

@ADmad ADmad Oct 24, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking about this again, having a separate method to update only the session lifetime is good enough since we already have separate public methods for ini config options() and the handler engine().

dereuromark
dereuromark reviewed Oct 11, 2024
View reviewed changes
@markstory markstory added this to the 5.2.0 milestone Oct 11, 2024
ADmad
ADmad reviewed Oct 31, 2024
View reviewed changes
@dereuromark
Copy link
Member

dereuromark commented Nov 19, 2024

Ping @kolorafa

ADmad
ADmad reviewed Dec 4, 2024
View reviewed changes
@kolorafa
Copy link
Contributor Author

kolorafa commented Dec 4, 2024

Sorry for the delay, the tasks at work got shifted and the scheduled time to work on those PR got delayed :(

@ADmad ADmad added the needs squashing The pull request should be squashed before merging label Dec 4, 2024
@ADmad ADmad requested a review from markstory December 4, 2024 19:15
@markstory markstory merged commit 0754517 into cakephp:5.next Dec 20, 2024
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dereuromark dereuromark dereuromark left review comments

@ADmad ADmad ADmad approved these changes

@markstory markstory Awaiting requested review from markstory

Assignees

No one assigned

Labels

needs squashing The pull request should be squashed before merging

Projects

None yet

Milestone

5.2.0

Development

Successfully merging this pull request may close these issues.

4 participants

@kolorafa @dereuromark @ADmad @markstory