Use Illuminate Session component instead of Symfony

Symfony's component relies on PHP's native session functionality, which is not ideal. It automatically sets its own cookie headers, resulting in this issue: https://github.com/flarum/core/issues/1084#issuecomment-364569953 The Illuminate component is more powerful and has a simpler API for extension with other drivers and such, and fits in nicely with other components we use (the majority of which are from Illuminate).
2025-10-13 07:54:25 +02:00 · 2018-02-10 12:04:07 +10:30
parent b4e093ab8a
commit 5672819549
12 changed files with 91 additions and 38 deletions
--- a/src/Http/SessionAuthenticator.php
+++ b/src/Http/SessionAuthenticator.php
@@ -11,25 +11,26 @@

 namespace Flarum\Http;

-use Symfony\Component\HttpFoundation\Session\SessionInterface;
+use Illuminate\Contracts\Session\Session;

 class SessionAuthenticator
 {
    /**
-     * @param SessionInterface $session
+     * @param Session $session
     * @param int $userId
     */
-    public function logIn(SessionInterface $session, $userId)
+    public function logIn(Session $session, $userId)
    {
-        $session->migrate();
-        $session->set('user_id', $userId);
+        $session->regenerate(true);
+        $session->put('user_id', $userId);
    }

    /**
-     * @param SessionInterface $session
+     * @param Session $session
     */
-    public function logOut(SessionInterface $session)
+    public function logOut(Session $session)
    {
        $session->invalidate();
+        $session->regenerateToken();
    }
 }